Pihole Ctl
PassAudited by ClawScan on May 1, 2026.
Overview
This skill appears purpose-aligned for Pi-hole monitoring and management, but users should notice that it reads DNS activity logs and may run privileged Pi-hole control commands.
Install only if you are comfortable letting the agent read Pi-hole DNS statistics and, when you approve it, run Pi-hole administrative commands. Prefer read-only database access for monitoring, keep `sudo` narrowly scoped, and treat DNS log outputs as private.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used, the agent could enable or disable ad blocking or refresh blocklists for the local network.
These documented commands can change Pi-hole blocking state or blocklists. That is coherent with a Pi-hole controller, but it is a mutating administrative action.
**Management**: Enable/Disable blocking (`pihole enable/disable`). **Blocklists**: Update Gravity (`pihole -g`).
Confirm before allowing mutating Pi-hole commands, especially those requiring `sudo`.
Granting these permissions gives the agent access to local DNS logs and the ability to perform Pi-hole administration.
The skill explicitly requires access to a protected Pi-hole database and may need elevated privileges for management commands.
Requires read permission on `/etc/pihole/pihole-FTL.db` ... Recommended: Add user to `pihole` group ... `pihole` CLI commands (enable/disable) require `sudo`
Use the least-privileged account that can read the database, and only grant `sudo` for specific Pi-hole commands if needed.
Outputs such as top domains or chatty clients may reveal private browsing or device activity on the local network.
The Pi-hole database contains persistent DNS query context that can reveal which devices requested which domains.
`domain`: Domain requested ... `client`: IP/Name of requestor
Avoid sharing outputs publicly, and limit use to trusted local environments where DNS log visibility is acceptable.
Users may not see all prerequisites or provenance information before installing, even though the included script is small and consistent with the purpose.
The registry metadata does not provide source provenance or declare the local runtime/config requirements that the skill documentation uses.
Source: unknown; Homepage: none; Required binaries (all must exist): none; Required config paths: none
Review the included files and confirm Python, the Pi-hole CLI, and the database path locally before use.