UnraidClaw
Review
Audited by ClawScan on May 10, 2026.
Overview
UnraidClaw appears to do what it advertises, but it gives agents powerful Unraid server control and should be installed only with tightly scoped API permissions.
Install only if you want an AI agent to help administer your Unraid server. Use a dedicated least-privilege UnraidClaw API key, disable destructive permissions unless you truly need them, prefer HTTPS with certificate verification, verify the npm package/version before installing, and require human approval for actions like reboot, shutdown, stopping the array, removing containers, creating containers with host mounts, or force-stopping VMs.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent with permission to use these tools could stop workloads, reboot or shut down the server, or interrupt access to stored data and services.
The plugin intentionally exposes high-impact server administration actions to the agent, including reboot and shutdown. This matches the stated Unraid management purpose, but misuse could disrupt services.
description: "Reboot the Unraid server. This is a destructive operation that will interrupt all running services, VMs, and containers."
Use a least-privilege UnraidClaw API key, disable destructive permissions unless needed, and require explicit user approval for shutdown, reboot, array stop, container removal, and VM force-stop actions.
If granted, the agent could deploy persistent containers or mount server paths into containers, which may expose or alter data depending on the container configuration.
The Docker create tool can start arbitrary containers with ports, volumes, environment variables, networks, and restart policies. This is expected for Docker administration, but it is a broad capability.
name: "unraid_docker_create" ... "Create and start a new Docker container" ... "volume mounts" ... "restart policy"
Grant Docker create/remove permissions only when needed, review image names and volume mounts before execution, and avoid allowing agents to create privileged or broad host-mounted containers.
Anyone who obtains the API key, or any agent allowed to use an overly broad key, may be able to control parts of the Unraid server according to that key's permissions.
The plugin authenticates requests to the configured UnraidClaw server using an API key. This is necessary for the integration, but the key may authorize powerful server actions.
const headers: Record<string, string> = { "x-api-key": apiKey }
Create a dedicated least-privilege API key, store it only in the OpenClaw plugin configuration, rotate it if exposed, and prefer HTTPS with certificate verification enabled.
A network attacker could impersonate the UnraidClaw server if TLS verification is disabled, potentially seeing the API key or influencing responses.
TLS verification bypass is explicitly configurable and defaults to false. If enabled, the API key and commands are more exposed to interception on an untrusted network.
"tlsSkipVerify": { "type": "boolean", "description": "Skip TLS certificate verification", "default": false }
Use a valid certificate when possible. Only enable tlsSkipVerify for a trusted local server/network and avoid sending the API key over public or untrusted networks.
If the npm package source or version is not what the user expects, installing it could grant server-control capabilities to unreviewed code.
The installation command pulls the npm package by name without pinning an exact version or checksum. This is a normal user-directed plugin install, but package provenance matters because the plugin has high-impact server permissions.
npm pack unraidclaw && openclaw plugins install unraidclaw-*.tgz
Install from a trusted npm package version, verify it matches the intended GitHub/project release, and consider pinning the version before installation.
Secrets or misleading instructions embedded in logs could be exposed to the agent or influence its reasoning if treated as trusted instructions.
The plugin can return server logs into the agent context. Logs are useful for administration but may contain sensitive data or untrusted text generated by other services.
name: "unraid_syslog", description: "Get recent syslog entries from the Unraid server."
Avoid requesting broad logs unless needed, redact secrets before sharing outputs, and treat log content as untrusted diagnostic data rather than instructions.
