ClawHub

Pi-hole Control

Security checks across malware telemetry and agentic risk

Overview

The skill is purpose-aligned for controlling Pi-hole, but a command bug can disable blocking indefinitely when a timed disable is requested, and its API password handling is less safe than claimed.

Only install this if you are comfortable granting the agent control over your Pi-hole. Treat `off`/`disable` commands carefully until the timed-disable bug is fixed, avoid `insecure: true` unless you trust the local network, and consider rotating the Pi-hole app password after testing.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

#
ASI02: Tool Misuse and Exploitation
Medium
What this means

A user or agent asking to disable Pi-hole for a limited time, such as 30 minutes, may instead turn off DNS blocking indefinitely across the network.

Why it was flagged

In a bash case statement, the first matching pattern wins, so `disable` is handled as an indefinite disable and the later custom-duration branch is unreachable.

Skill content
off|disable)
        # Disable Pi-hole blocking (indefinitely)
...
    disable)
        # Disable for custom duration (in minutes)
Recommendation

Fix the command routing so `disable <minutes>` reaches the timed branch, reserve `off` for indefinite disable, and consider requiring explicit confirmation for indefinite disabling.

#
ASI03: Identity and Privilege Abuse
Medium
What this means

The Pi-hole API credential could be exposed locally and may allow control of blocking state or access to query/statistics data.

Why it was flagged

The Pi-hole app password is expanded directly into curl's command-line arguments, which can be visible to other local processes or users while the command runs.

Skill content
curl $CURL_FLAGS ... -d "{\"password\":\"$PIHOLE_API_TOKEN\"}" ... "${PIHOLE_API_URL}/auth"
Recommendation

Pass the password via stdin or another mechanism that does not place it in argv, properly JSON-escape it, and declare the credential requirement in metadata.

#
ASI09: Human-Agent Trust Exploitation
Low
What this means

Users may underestimate the local credential-exposure risk because the documentation overstates the protection provided.

Why it was flagged

This safety claim is contradicted by the script's curl invocation, which expands the token into a `-d` command-line argument.

Skill content
Token is not visible in process list (passed via environment)
Recommendation

Update the documentation to accurately describe credential handling, and only claim process-list protection after changing the implementation.

#
ASI04: Agentic Supply Chain Vulnerabilities
Info
What this means

Installation may fail or require manual setup that is not visible from the registry metadata alone.

Why it was flagged

The skill itself discloses required tools and credentials, but the registry metadata lists no required binaries, env vars, or primary credential.

Skill content
Requirements

- Pi-hole v6 or later
- App password generated in Pi-hole Admin
- Network access to Pi-hole API
- `curl`, `jq`
Recommendation

Declare curl, jq, and the Pi-hole API credential/config requirements in the skill metadata.