← Back to Skills Marketplace
Pi-hole Control
by
Aanish Bhirud
· GitHub ↗
· v2.0.1
2100
Downloads
2
Stars
10
Active Installs
2
Versions
Install in OpenClaw
/install pihole
Description
Control Pi-hole v6 DNS ad blocker: check status, view stats, enable/disable block, and analyze blocked domains via API.
Usage Guidance
Before installing: (1) Inspect the included pihole.sh to confirm it only contacts your Pi‑hole API and does not read unrelated files or contact external endpoints. Check how it sends the API token — avoid command‑line embedding that can appear in process lists. (2) Update/confirm the skill manifest lists required binaries (curl, jq) and required config/env variables (PIHOLE_API_URL, PIHOLE_API_TOKEN, PIHOLE_INSECURE). (3) If you do not want the agent to toggle your network ad blocker autonomously, set disableModelInvocation: true (or require explicit user invocation). (4) Be cautious with the 'insecure' option (curl -k) — use it only on trusted local networks. (5) If you’re unsure, run the script in a restricted environment or review/modify it to log minimal info and not expose secrets.
Capability Analysis
Type: OpenClaw Skill
Name: pihole
Version: 2.0.1
The OpenClaw Pi-hole skill is classified as benign. The `pihole.sh` script interacts with a user-configured Pi-hole API using `curl` and `jq` for legitimate control and status reporting. Configuration is loaded from environment variables or `clawdbot.json`. Sensitive API tokens are handled securely by being passed in the JSON body and environment variables, not as command-line arguments. While the `insecure: true` option for `curl -k` is present, it is explicitly user-configurable and documented for self-signed certificates on local Pi-hole instances, which is a common and legitimate use case. There is no evidence of data exfiltration, malicious execution, persistence, or prompt injection attempts against the agent in `SKILL.md`.
Capability Assessment
Purpose & Capability
Name and SKILL.md describe Pi‑hole v6 control and the documented API calls match that purpose. However the registry metadata lists no required binaries or env vars while the SKILL.md explicitly requires curl and jq and documents PIHOLE_API_URL/PIHOLE_API_TOKEN/PIHOLE_INSECURE — a manifest mismatch that should be corrected.
Instruction Scope
Runtime instructions are narrowly scoped to calling Pi‑hole API endpoints (auth, status, enable/disable, stats, queries). They do not instruct reading unrelated files or exfiltrating data. Note: the SKILL.md documents an 'insecure' option that adds curl -k (bypassing TLS verification) which reduces transport security when used.
Install Mechanism
This is instruction-only with no install spec, so nothing is written to disk by an installer. That lowers risk. There is one shell script (pihole.sh) included — you should inspect it before enabling the skill.
Credentials
The skill uses a Pi‑hole API token and URL (documented in SKILL.md and as environment variables or Clawdbot config), but the registry metadata declares no required environment variables. The skill appropriately needs only the Pi‑hole credentials, but the manifest should list them explicitly. Also confirm how the included pihole.sh handles the token (environment variable vs command line) because command‑line embedding could expose secrets via process listings on some systems.
Persistence & Privilege
The skill does not set disableModelInvocation and is therefore callable by the model autonomously. Because the skill can enable/disable network ad‑blocking (a disruptive network control), allowing the model to trigger it without explicit user invocation is a meaningful risk. Consider requiring explicit user invocation or setting disableModelInvocation.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install pihole - After installation, invoke the skill by name or use
/pihole - Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.0.1
Updated to Pi-hole v6 API with session-based authentication, proper SSL handling, and comprehensive security audit. All PII removed.
v2.0.0
Updated to Pi-hole v6 API with session-based authentication, proper SSL handling, and comprehensive security audit
Metadata
Frequently Asked Questions
What is Pi-hole Control?
Control Pi-hole v6 DNS ad blocker: check status, view stats, enable/disable block, and analyze blocked domains via API. It is an AI Agent Skill for Claude Code / OpenClaw, with 2100 downloads so far.
How do I install Pi-hole Control?
Run "/install pihole" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Pi-hole Control free?
Yes, Pi-hole Control is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Pi-hole Control support?
Pi-hole Control is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Pi-hole Control?
It is built and maintained by Aanish Bhirud (@baanish); the current version is v2.0.1.
More Skills