ClawHub

Adguard Test

v1.2.1

Query AdGuard Home instances for real-time DNS stats, blocked domains, client activity, service status, and configuration details.

0· 325·0 current·0 all-time
byLeo Li@foxleoly
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The code and docs implement AdGuard Home querying and monitoring (HTTP API calls to user-provided AdGuard instances), which matches the stated purpose. However, there are metadata/name mismatches: registry header lists this skill as 'Adguard Test' / slug 'adguard-test', while README/manifest/commands refer to 'adguard-home' and use the ClawHub install name 'adguard-home'. This is an incoherence in packaging/metadata that could confuse installation and provenance checks.
!
Instruction Scope
SKILL.md and README instruct users to create/edit ~/.openclaw/workspace/adguard-instances.json (and recommend environment variables / 1Password). The runtime code (index.js) loads adguard-instances.json from the skill directory (__dirname) or from ADGUARD_* env vars — it does not read ~/.openclaw/workspace by default. This mismatch means a user who follows SKILL.md may place credentials in a different path than the skill will actually read, increasing risk of credentials being left in unexpected locations. Aside from that, instructions remain scoped to configuring AdGuard instances and do not direct reading unrelated system files or sending data to third-party endpoints.
Install Mechanism
There is no install spec that downloads external code; the package is instruction-plus-code bundled in the skill. No external download URLs or archive extraction are present. This is low install risk, but verify origin due to repository/slug mismatch and 'Source: unknown' in the registry header.
Credentials
The registry metadata lists no required credentials, but the SKILL.md/README recommend ADGUARD_URL/ADGUARD_USERNAME/ADGUARD_PASSWORD or 1Password CLI. The runtime prefers env vars and will accept a local config file containing plaintext credentials. Requesting those credentials is proportional to the stated function, but storing them in files is risky — the docs repeatedly warn against committing them and recommend chmod 600. Users should prefer environment variables or a secrets manager. The code does perform URL validation and input sanitization.
Persistence & Privilege
The skill does not request always:true or other elevated persistence. It does not modify other skills' configs. It reads a local config or environment variables and makes network calls to the user-provided AdGuard instances only.
Scan Findings in Context
[historical_execSync_usage_CWE-78] unexpected: SECURITY_AUDIT.md documents a prior execSync/curl-based command-injection vulnerability (v1.1.1) that the author claims to have fixed in v1.2.0 by replacing shell calls with native http/https usage. The current index.js shows native HTTP usage and no child_process calls; still, the historical finding is relevant and suggests reviewing the current code for regressions.
[plaintext_credentials_in_config_CWE-312] expected: The skill requires credentials to access AdGuard instances; SKILL.md and README explicitly warn about plaintext storage and recommend env vars or 1Password. The presence of plaintext-config guidance is expected for this purpose, but remains a security risk and requires user action (chmod 600, use secrets manager).
[no_pre-scan_injection_signals] expected: Automated pre-scan reported no active injection signals. This aligns with the presented secure implementation, but absence of matches is not a guarantee — manual review of index.js found no evident exfiltration or hardcoded external endpoints.
What to consider before installing
This skill generally does what it says (querying your AdGuard Home instances), but don't install blindly. Before use: 1) Verify which config path the deployed code will read — SKILL.md suggests ~/.openclaw/workspace/adguard-instances.json but index.js reads adguard-instances.json next to the skill; place credentials where the code actually looks or switch to environment variables. 2) Prefer ADGUARD_URL/ADGUARD_USERNAME/ADGUARD_PASSWORD or a secrets manager (1Password) rather than plaintext files, and set file permissions (chmod 600) if you must use a file. 3) Confirm the skill origin and integrity (the registry entry shows 'adguard-test' while files reference 'adguard-home'); get the package from a trusted source (official ClawHub entry or the author's verified repo). 4) Review index.js yourself (it's bundled) to ensure no unexpected network destinations or logging of secrets, and run it in a sandbox or isolated environment before granting access to production systems. If you want help reconciling the config-path mismatch or verifying the code, provide the installed path and I can point to the exact lines to inspect.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ez1nwp3h2hrgt0k22fk8dvx81vs07

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments