Security Scan
OpenClaw
Suspicious
medium confidence
Assessment Recommendations
Before installing: (1) Inspect the included pihole.sh to confirm it only contacts your Pi‑hole API and does not read unrelated files or contact external endpoints. Check how it sends the API token — avoid command‑line embedding that can appear in process lists. (2) Update/confirm the skill manifest lists required binaries (curl, jq) and required config/env variables (PIHOLE_API_URL, PIHOLE_API_TOKEN, PIHOLE_INSECURE). (3) If you do not want the agent to toggle your network ad blocker autonomousl...
ℹ Purpose and Capabilities
Name and SKILL.md describe Pi‑hole v6 control and the documented API calls match that purpose. However the registry metadata lists no required binaries or env vars while the SKILL.md explicitly requires curl and jq and documents PIHOLE_API_URL/PIHOLE_API_TOKEN/PIHOLE_INSECURE — a manifest mismatch that should be corrected.
✓ Instruction Scope
Runtime instructions are narrowly scoped to calling Pi‑hole API endpoints (auth, status, enable/disable, stats, queries). They do not instruct reading unrelated files or exfiltrating data. Note: the SKILL.md documents an 'insecure' option that adds curl -k (bypassing TLS verification) which reduces transport security when used.
✓ Install Mechanism
This is instruction-only with no install spec, so nothing is written to disk by an installer. That lowers risk. There is one shell script (pihole.sh) included — you should inspect it before enabling the skill.
⚠ Credential Requirements
The skill uses a Pi‑hole API token and URL (documented in SKILL.md and as environment variables or Clawdbot config), but the registry metadata declares no required environment variables. The skill appropriately needs only the Pi‑hole credentials, but the manifest should list them explicitly. Also confirm how the included pihole.sh handles the token (environment variable vs command line) because command‑line embedding could expose secrets via process listings on some systems.
⚠ Persistence and Privileges
The skill does not set disableModelInvocation and is therefore callable by the model autonomously. Because the skill can enable/disable network ad‑blocking (a disruptive network control), allowing the model to trigger it without explicit user invocation is a meaningful risk. Consider requiring explicit user invocation or setting disableModelInvocation.
Security is layered; review the code before running.
Runtime Dependencies
No special dependencies
Version
latest v2.0.1 2026/1/14
● Benign
Install Command
Official: npx clawhub@latest install pihole
Mirror: npx clawhub@latest install pihole --registry https://cn.longxiaskill.com