Adguard Home
v1.2.7
Query AdGuard Home instances for real-time DNS stats, blocked domains, client activity, service status, configs, filter rules, and recent query logs.
by Leo Li @foxleoly
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The code and docs implement an AdGuard Home query tool and legitimately require admin credentials (ADGUARD_URL, ADGUARD_USERNAME, ADGUARD_PASSWORD) to talk to the AdGuard Admin API — that is proportionate to the stated purpose. However, registry-level metadata in the top summary claims no required env vars while clawhub.json declares ADGUARD_* variables as required, and the top-level listing also said 'Source: unknown / Homepage: none' while clawhub.json embeds a GitHub repo URL. These metadata mismatches are confusing and should be resolved.
Instruction Scope
SKILL.md and the runtime code disagree about the config file location: SKILL.md tells users to create ~/.openclaw/workspace/adguard-instances.json (workspace root), while index.js's loadFromWorkspace() looks for adguard-instances.json in __dirname (skill directory). This mismatch can lead to credentials being placed in unexpected locations. Additionally, the SKILL.md contained a 'unicode-control-chars' pre-scan injection signal (see scan findings) — documentation with hidden/obfuscated characters can be used to hide malicious text or to confuse automated scanners and human reviewers. While the index.js code shows input validation and no shell exec, the ambiguous instructions and hidden characters are a concern.
Install Mechanism
There is no network download/extract install spec; the package is instruction-only with an included index.js. The code uses only Node built-ins, no external installers or archive extraction, which is low-risk from an installation mechanism perspective.
Credentials
Requiring AdGuard admin credentials is appropriate for this skill. The docs correctly recommend env vars or a secrets manager. However, the skill's documentation and manifest diverge on whether env vars are 'required' and on the config file path. SKILL.md shows examples that could encourage storing plaintext credentials in a workspace-root JSON file; the project repeatedly warns against this but leaves it as the 'local dev' option. Users should ensure they use environment variables or a secrets manager and set strict file permissions (chmod 600) if using a file.
Persistence & Privilege
No 'always: true' or other elevated persistence is requested. The skill does not declare system-wide modifications and appears limited to connecting to configured AdGuard instances. Autonomous invocation is allowed (platform default) but not combined with other high-risk privileges.
Scan Findings in Context
[unicode-control-chars] unexpected: SKILL.md contains unicode control characters that triggered a prompt-injection detector. This is not necessary for a monitoring skill and could be used to hide or obfuscate content. Treat this as suspicious and inspect the raw SKILL.md file (and any other docs) for hidden characters before trusting copy/paste or automated processing.
What to consider before installing
This skill appears to implement its advertised functionality and the code shows security hardening (no exec/curl, input validation). However:
1) Verify the source: the top-level listing said 'source unknown', but clawhub.json references a GitHub repo — confirm the repo URL and review its commits and publisher identity before installing.
2) Check where you put credentials: SKILL.md and index.js disagree about the config path; avoid storing admin passwords in a plaintext file in a shared workspace root. Prefer environment variables or a secrets manager (1Password CLI) as the docs recommend.
3) Inspect SKILL.md and other docs for hidden/unusual unicode characters (the pre-scan flagged 'unicode-control-chars') — remove them or get a clean copy from the upstream repo.
4) If you must use a config file, set strict permissions (chmod 600) and consider creating a limited-service account on AdGuard with minimal privileges.
5) If in doubt, run the included index.js locally in a safe environment and review network endpoints it contacts (it should only talk to the configured ADGUARD_URLs).
After addressing the metadata/config-path inconsistencies and confirming the GitHub source, the skill is reasonable to use; until then, proceed cautiously.
Like a lobster shell, security has layers — review code before you run it.
