Back to skill
Skillv1.0.1
ClawScan security
Pihole Ctl · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 12, 2026, 11:48 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code and instructions match its stated purpose (reading the Pi-hole FTL DB and invoking pihole CLI); nothing in the package attempts network exfiltration or unrelated access, though a small metadata omission is noted.
- Guidance
- This skill appears to do what it says: query the local Pi-hole FTL DB and call the pihole CLI. Before installing, verify you have python3 and the pihole CLI on the host; the metadata omits these required binaries. Do not grant sudo or add the agent's user to the pihole group unless you trust the skill and the environment — management commands (enable/disable/gravity) need elevated privileges. Because the skill's source/homepage are unknown, inspect the included script (small and readable) yourself; it opens the DB in read-only mode and prints JSON and does not contact external servers. If you want stricter safety, restrict the agent's ability to run privileged commands and only grant read access to /etc/pihole/pihole-FTL.db.
Review Dimensions
- Purpose & Capability
- noteThe skill claims to query the Pi-hole FTL DB and control the pihole CLI. The included script reads /etc/pihole/pihole-FTL.db and returns JSON; management actions are intended to be performed with the system 'pihole' CLI. This is coherent with the description, but the package metadata lists no required binaries even though the SKILL.md and scripts expect python3 and (for management operations) the 'pihole' CLI and appropriate system privileges.
- Instruction Scope
- okRuntime instructions are narrowly scoped: read-only queries of the local /etc/pihole/pihole-FTL.db (script opens DB in read-only mode) and optionally run pihole CLI commands for enable/disable/update. The skill does not instruct the agent to read unrelated files, transmit data to external endpoints, or access credentials.
- Install Mechanism
- okNo install spec (instruction-only with a small helper script). No downloads or archive extraction. Minimal on-disk footprint and no installer-based risks.
- Credentials
- noteThe skill requests no environment variables or credentials. It does require the agent/user to have read access to /etc/pihole/pihole-FTL.db and (for management actions) sudo or membership in the pihole group. These filesystem and privilege needs are proportional to the stated tasks, but the metadata should have declared required binaries (python3 and 'pihole') to avoid surprise.
- Persistence & Privilege
- okThe skill is not always-enabled and does not request system-wide persistence. Model invocation is allowed (normal default). Be aware that if the agent is allowed to invoke skills autonomously, this skill could run local pihole commands that require elevated privileges — limit those permissions to trusted contexts.