Omada Viewer

Pass

Audited by ClawScan on May 10, 2026.

Overview

The skill appears to be a read-only Omada diagnostics helper, but users should handle the required controller API credentials carefully and keep them viewer-scoped.

This skill looks appropriate for read-only Omada troubleshooting. Before using it, create a dedicated Viewer-level Omada Open API app, keep the client secret out of chat, avoid disabling SSL verification unless necessary, and do not use the broad endpoint reference to perform configuration changes.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the API app is over-privileged, the same credentials could allow broader controller access than this read-only skill needs.

Why it was flagged

The skill needs credentials to the user's Omada controller, which is expected for this purpose but gives access to network inventory and controller data.

Skill content

Requires user-provided Omada Open API credentials... Required configuration: `OMADA_URL`, `OMADA_CLIENT_ID`, `OMADA_CLIENT_SECRET`

Recommendation

Create a dedicated Omada Open API app with Viewer permissions, store credentials in environment variables or a local secret store, and do not paste secrets into chat.

What this means

Disabling SSL verification could make controller credentials or diagnostic data easier to intercept on an untrusted network.

Why it was flagged

The script allows TLS certificate verification to be disabled for local/self-signed controllers. This is disclosed and optional, but it can weaken protection for credentials and API responses.

Skill content

OMADA_VERIFY_SSL   - Set to "false" to disable SSL verification

Recommendation

Keep SSL verification enabled when possible, use a trusted certificate or trusted local network, and only set `OMADA_VERIFY_SSL=false` when you understand the risk.

What this means

A user or agent reading the reference file could see mutation endpoints, but the skill's documented commands do not instruct using them for changes.

Why it was flagged

The broad endpoint catalog includes write-capable API endpoints, even though SKILL.md and the visible helper script are framed as read-only diagnostics.

Skill content

POST ... Create new filter ... PUT ... Modify an existing filter ... DELETE ... Delete an existing filter

Recommendation

Use only the read-only commands and GET endpoints for this skill, and keep the Omada API app limited to Viewer permissions.

What this means

Installation may vary by environment, and users should avoid installing packages from untrusted sources.

Why it was flagged

The script depends on the Python requests package, but the skill has no install spec or pinned dependency declaration. This is common for a small helper script, but users may need to manage the dependency themselves.

Skill content

Error: requests library required. Install with: pip install requests

Recommendation

Install dependencies from a trusted Python environment and review the included scripts before running them.