Adguard Home
ReviewAudited by ClawScan on May 10, 2026.
Overview
Prompt-injection indicators were detected in the submitted artifacts (unicode-control-chars); human review is required before treating this skill as clean.
Install only if you are comfortable giving the agent access to your AdGuard Home instance. Prefer environment variables or a secrets manager over plaintext config, restrict any config file to your user account, and be careful when asking for query logs because they may reveal private browsing and device activity. ClawScan detected prompt-injection indicators (unicode-control-chars), so this skill requires review even though the model response was benign.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If high-privilege or shared credentials are used, the agent can access AdGuard information available to that account, including configuration and logs.
The skill uses configured AdGuard Home credentials to authenticate and obtain a session cookie. This is necessary for the stated purpose, but it grants the skill whatever access that AdGuard account has.
const { url, username, password } = instance; ... const cookie = await authenticate(url, username, password);Use a dedicated least-privilege account if AdGuard supports it, prefer environment variables or a secrets manager, protect any local config file with strict permissions, and use HTTPS when not strictly local.
DNS logs can reveal browsing habits, apps in use, blocked services, and devices on the network.
The skill can retrieve DNS query-log entries containing domains and client IP addresses into the agent conversation/context.
/adguard querylog [instance] [n] # Recent n queries ... BLOCKED api.telegram.org (192.168.145.188)
Request query logs only when needed, keep limits small, avoid sharing transcripts that contain DNS logs, and redact domains or client IPs before forwarding outputs.