Synology
PassAudited by ClawScan on May 1, 2026.
Overview
This instruction-only Synology skill is purpose-aligned and includes clear guardrails for risky NAS changes, admin access, and optional local notes.
This skill appears safe to install as an instruction-only Synology helper. Before using it for live changes, confirm the NAS identity, backup status, rollback plan, and whether the action is read-only or mutating. Do not paste passwords, OTP codes, private keys, recovery keys, or full support bundles into chat, and review any optional files created under ~/synology/.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If approved carelessly, NAS changes could affect files, backups, permissions, or public exposure.
The skill explicitly covers actions that can materially change or damage NAS data, permissions, remote access, or recovery state, but it also clearly requires user confirmation before those actions.
Require explicit confirmation before deletions, package removals, share permission rewrites, exposure changes, restore operations, or storage migrations
Only approve mutating steps after confirming backups, rollback steps, target NAS identity, and the exact change being made.
Using admin or SSH access gives the agent-guided workflow authority over important NAS settings and potentially stored data.
DSM admin or SSH access can control sensitive NAS settings and data, but the access is disclosed and expected for live Synology administration.
Live DSM changes may require admin access to the web UI and optional SSH access
Use the least privileged account that can complete the task, avoid sharing secrets in chat, and keep SSH disabled unless it is specifically needed.
Local memory files may reveal details about the user's NAS, backups, services, and network exposure if someone else can read the account.
The skill can persist NAS context such as model, DSM version, backup destinations, exposure boundaries, and incidents, but it limits this to user-approved local notes and excludes secrets.
If the user wants continuity across sessions, memory lives in `~/synology/` ... Do not store passwords, QuickConnect credentials, OTP codes, serial numbers, or copied support bundles with secrets.
Review saved notes periodically, keep the directory permissions restrictive, and do not store credentials, recovery keys, private keys, serial numbers, or secret support data.