Unifi
v3.2.1Monitor and configure UniFi network infrastructure. Auto-routes between local gateway and cloud connector. Manage hosts, sites, devices, clients, WLANs, radi...
⭐ 0· 1.1k·0 current·0 all-time
byOliver Drobnik@odrobnik
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the requested environment variables and code: the skill uses a UniFi cloud API key (UNIFI_API_KEY) and optionally a local gateway IP and local API key to manage sites, devices, clients, WLANs, and events via api.ui.com and a local gateway. Required env vars and files (config.json) are appropriate for the stated purpose.
Instruction Scope
SKILL.md directs the agent to run the included Python CLI (scripts/unifi.py) and to store credentials in config.json or environment variables. The instructions and code limit actions to cloud API calls and local gateway calls. However there are small inconsistencies between docs and implementation: SETUP.md implies local access may work without a pinned fingerprint, while the included code refuses to proceed for local connections unless a gateway_fingerprint is configured (exits with an error). Also SKILL.md lists an optional UNIFI_BASE_URL env var, but the visible code sets BASE_URL to https://api.ui.com (no override shown in the truncated file). These are functional/documentation mismatches, not evidence of malicious behavior.
Install Mechanism
No install spec is present; the skill is delivered as a Python script and docs. This is low-risk: nothing is downloaded or installed automatically. The script requires the requests library (documented in SETUP.md).
Credentials
Only UNIFI_API_KEY is required (with UNIFI_GATEWAY_IP and UNIFI_LOCAL_API_KEY optional for local access). These credentials are exactly what a UniFi site manager would need. The script reads config.json from the skill directory or environment variables; there are no other unexplained secret/env requirements.
Persistence & Privilege
The skill does not request always: true and does not attempt to modify other skills or system-wide agent settings. It runs as an on-demand CLI entry point and uses network requests to UniFi endpoints or a local gateway only.
Assessment
This skill appears to be what it claims: a UniFi Site Manager CLI that needs your UniFi API key and optionally a local gateway key/IP. Before installing: 1) Verify the source code (the GitHub homepage is listed) so you trust the script; 2) Store your API key securely — config.json is local but still sensitive; prefer using environment variables if your agent environment is isolated; 3) Note the doc/code mismatch about certificate pinning: the README suggests local access may work without a fingerprint, but the included script will exit unless a gateway_fingerprint is configured — expect to supply a pinned fingerprint for secure local access; 4) Limit the API key's scope on the UniFi portal if possible and rotate it if you suspect compromise; 5) Run the script in a trusted environment only (it performs network calls to api.ui.com and to any gateway IP you configure). If you want extra assurance, review the full scripts/unifi.py file (the code is included) before enabling the skill.Like a lobster shell, security has layers — review code before you run it.
latestvk970ez88jn9c8qkt3qjavtnpwd8172zr
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
EnvUNIFI_API_KEY