ClawHub
Back to skill
v3.2.1

Unifi

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 5:35 AM.

Analysis

The skill appears coherent for UniFi administration, but it gives an agent direct authority to change network settings such as DNS, Wi‑Fi, and radio configuration without documented approval or rollback safeguards.

GuidanceReview this skill as an administrative network-control tool, not just a monitoring helper. It is most appropriate if you are comfortable letting your agent inspect UniFi infrastructure and, with explicit approval, change DNS, WLAN, radio, and client-label settings.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityMediumConfidenceHighStatusConcern
SKILL.md
python3 {baseDir}/scripts/unifi.py set-wlan ...; python3 {baseDir}/scripts/unifi.py set-network-dns Default --dns1 1.1.1.1 --dns2 1.0.0.1; python3 {baseDir}/scripts/unifi.py set-radio --ap Living --band 5 --channel 36 --width 80 --power high

These documented commands directly modify Wi‑Fi, DNS, and radio settings on UniFi infrastructure. The artifacts do not describe confirmation, dry-run, scoped approval, or rollback safeguards for these high-impact changes.

User impactA mistaken or over-eager agent action could disrupt Wi‑Fi connectivity, DNS resolution, client compatibility, or radio performance across the network.
RecommendationInstall only if you want the agent to administer UniFi settings, and require explicit user confirmation for any set-* or label-* command before it is run.
Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
SETUP.md
Python 3.12+; `requests` library (`pip install requests`)

The setup relies on a manually installed external Python package, but there is no install spec or pinned dependency version in the supplied artifacts. This is common for a small CLI skill, but users should install from trusted package sources.

User impactDependency installation is user-directed, but an unpinned package can change over time or be installed from an unintended source.
RecommendationInstall requests from the official Python package index or a trusted internal mirror, and consider pinning the dependency in your environment.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityMediumConfidenceHighStatusNote
SETUP.md
"api_key": "YOUR_SITE_MANAGER_API_KEY", "gateway_ip": "192.168.0.2", "local_api_key": "YOUR_LOCAL_API_KEY"

The skill requires a UniFi Site Manager API key and can optionally use a local gateway API key. This is expected for the purpose, but those credentials provide sensitive administrative access to network inventory and configuration.

User impactAnyone or any agent process with access to these credentials may be able to view or change parts of your UniFi environment.
RecommendationUse least-privilege API keys if available, store config.json securely, avoid committing it to source control, and revoke keys if the skill is removed or no longer needed.