ClawHub

Unraid CLI

v0.4.0

TypeScript CLI for Unraid Server GraphQL API. 12 command groups for system, arrays, disks, containers, VMs, shares, logs, and diagnostics. Built for humans a...

0· 89·0 current·0 all-time
byIngo@ingodibella
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name, description, required binaries (ucli), and required env vars (UNRAID_HOST, UNRAID_API_KEY) match a CLI that talks to an Unraid GraphQL API. The install step (npm package unraid-cli producing ucli) is appropriate for this purpose.
Instruction Scope
SKILL.md only instructs the agent to run ucli commands, use --output json/--quiet, and reference the CLI config path (~/.config/ucli/config.yaml). It does not ask the agent to read unrelated files, exfiltrate data, or call unexpected endpoints. (The SKILL.md content is duplicated in places, but that is a documentation quality issue rather than a security mismatch.)
Install Mechanism
Installation is via npm (package: unraid-cli) which is a typical delivery for a Node CLI. This is a moderate-risk install mechanism because npm packages execute code on install/run; the skill bundle itself contains no package source to scan, so the marketplace static scanner could not analyze the actual runtime code that will be installed.
Credentials
The skill requires only UNRAID_HOST and UNRAID_API_KEY which are exactly the credentials expected for accessing an Unraid server API. No unrelated secrets or system credentials are requested.
Persistence & Privilege
The skill is not always-enabled (always: false), is user-invocable, and does not request system-wide configuration changes or access to other skills' credentials. Agent autonomous invocation is allowed but is the platform default and not in itself an extra privilege.
Assessment
This skill appears to be what it says: a thin wrapper CLI for Unraid that needs the Unraid host and an API key. Before installing, verify the npm package and GitHub repository (owner, publish history, recent activity) to reduce supply-chain risk. Because the marketplace entry is instruction-only, the scanner could not review the actual npm package code — consider inspecting the package source or installing in an isolated/test environment first. Restrict the API key's privileges and lifetime where possible, prefer profiles or per-job --api-key usage rather than broad environment variables, and test read-only workflows before enabling destructive commands (use the SKILL.md guardrails: prefer read-only, require --yes only when deliberate). Also watch for typosquatted package names when running npm install -g.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dhr333qxwqm02n9tnzmkbxs83zw30

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🖥️ Clawdis
Binsucli
EnvUNRAID_HOST, UNRAID_API_KEY

Install

Install unraid-cli (npm)
Bins: ucli
npm i -g unraid-cli

Comments