UniFi Network

What to check before installing: - Metadata mismatch: the package metadata lists no required env vars/binaries, but the scripts need UNIFI_URL and UNIFI_API_KEY (or a config file) and the binaries curl and jq. Don't rely solely on the registry metadata—follow SKILL.md. - Secrets: supply a read-only UniFi API key and keep it limited to Network read scope. The skill stores that key in ~/.clawdbot/credentials/unifi/config.json (SKILL.md recommends chmod 600) and caches API responses in ~/.clawdbot/cache/unifi/; secure those files and consider filesystem backups/rotations. - UNIFI_URL safety: ensure UNIFI_URL points to your trusted UniFi host (typically an internal host). If an attacker can control that URL, they could receive API requests/responses. The skill will send your API key to whatever UNIFI_URL you configure. - Autonomy: the skill is allowed to be invoked by the agent (normal). If you are concerned about autonomous access to network inventory data, consider disabling autonomous invocation for this skill or restricting when it can be used. - Verify binaries: ensure curl and jq are present in the runtime environment; run scripts/setup_test.sh to validate connectivity and endpoint shapes before regular use. - If you need stronger guarantees: ask the publisher to correct registry metadata to declare required env vars and primaryEnv (UNIFI_API_KEY), and to document the cache/content retention policy. If you cannot verify the publisher, review the included scripts yourself (they are readable) or run them in a controlled environment first.