← Back to Skills Marketplace
anotb

Truenas Skill

by anotb · GitHub ↗ · v1.2.0
cross-platform ⚠ suspicious
1439
Downloads
0
Stars
4
Active Installs
4
Versions
Install in OpenClaw
/install truenas-skill
Description
Manage TrueNAS SCALE via API. Check pool health, manage datasets and snapshots, monitor alerts, control services, manage apps, orchestrate Dockge container stacks, and manage bookmarks. Use when the user asks about their NAS, storage, backups, containers, bookmarks, or homelab services.
Usage Guidance
This skill appears to be what it claims, but review and follow these precautions before installing: 1) Use a least-privilege TrueNAS API key (read-only where possible). 2) Prefer TRUENAS_VERIFY_TLS=1 and valid certificates; only disable TLS verification if you understand the risk of man-in-the-middle attacks on your LAN. 3) Only provide optional service credentials (Dockge, Sonarr, Radarr, Plex, etc.) that you intend the skill to access — every credential you supply increases exposure. 4) If you run the included Node scripts, run npm install in a controlled environment and review package-lock.json; the dependencies are common WebSocket/socket.io libs but are fetched from npm. 5) Inspect/trust the GitHub source (homepage) or run the skill in an isolated agent environment if you are unsure.
Capability Analysis
Type: OpenClaw Skill Name: truenas-skill Version: 1.2.0 The skill is classified as suspicious due to its default insecure TLS configuration (`curl -k`, `rejectUnauthorized: false`) for TrueNAS, which is explicitly mentioned and justified in `SKILL.md` and implemented in `scripts/truenas-ws.mjs`. While an override (`TRUENAS_VERIFY_TLS=1`) is provided, this default behavior introduces a potential Man-in-the-Middle vulnerability. Additionally, the skill is designed to handle a large number of sensitive API keys and URLs for various homelab services (e.g., `TRUENAS_API_KEY`, `DOCKGE_USER/PASS`, `SONARR_API_KEY`, `RADARR_API_KEY`, etc.) as environment variables, which, while necessary for its stated purpose, significantly expands the attack surface for credential exposure if the agent environment is compromised. There is no evidence of intentional malicious behavior like data exfiltration to unauthorized third parties or backdoors.
Capability Assessment
Purpose & Capability
The declared purpose (manage TrueNAS SCALE, pools, datasets, snapshots, apps, Dockge stacks, bookmarks, and related homelab services) matches the required artifacts: TRUENAS_URL and TRUENAS_API_KEY, plus curl/jq/node and scripts for WebSocket and Dockge. Optional references to other homelab services are documented as optional environment variables and align with the described integrations.
Instruction Scope
Runtime instructions and scripts operate on the user-provided service endpoints (TrueNAS, Dockge, and other optional services). They only read env vars and call those endpoints. A noteworthy security choice: TLS verification is disabled by default (curl -k and rejectUnauthorized: false) to accommodate self-signed certs — this increases MITM risk unless the user sets TRUENAS_VERIFY_TLS=1. The SKILL.md asserts credentials 'stay local' and the code sends the API key only to the configured service endpoints; there are no hard-coded external endpoints in the code.
Install Mechanism
The registry entry has no platform install spec (instruction-only), but the package includes package.json and package-lock.json referencing standard npm packages (socket.io-client, ws) from the public npm registry. That is expected for WebSocket/socket.io clients and is not unusual, but it means an install (npm install) pulls dependencies from npm — a moderate, expected risk rather than a red flag.
Credentials
Only TRUENAS_URL and TRUENAS_API_KEY are required (primaryEnv set correctly). Many other env vars are documented as optional for integrations (Dockge credentials, Sonarr/Radarr, Plex, etc.). Those optional credentials are appropriate for the broad homelab scope but increase blast radius if you provide them unnecessarily — only supply the service credentials you actually want the skill to use. Dockge scripts specifically require DOCKGE_URL/DOCKGE_USER/DOCKGE_PASS when invoked.
Persistence & Privilege
The skill does not request always: true, does not modify other skills or system-wide configs, and is user-invocable. It runs as-needed and has no implicit permanent privileges beyond normal execution.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install truenas-skill
  3. After installation, invoke the skill by name or use /truenas-skill
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.2.0
- Added TLS control: new TRUENAS_VERIFY_TLS environment variable lets you enforce or relax certificate validation for TrueNAS connections. - Declared required environment variables and system binaries in skill metadata for compatibility checks. - Updated documentation to clarify security posture and TLS/self-signed certificate handling. - Added homepage field to metadata.
v1.1.2
Fix broken URLs: OpenClaw and Agent Skills links
v1.1.1
Update docs: add ClawHub install link, bookmarks reference, REST API deprecation notice, bump version
v1.1.0
Fix broken snapshot endpoint, harden scripts, add REST deprecation warning, add Karakeep bookmark API reference, fix Audiobookshelf endpoint, fix port collisions
Metadata
Slug truenas-skill
Version 1.2.0
License
All-time Installs 4
Active Installs 4
Total Versions 4
Frequently Asked Questions

What is Truenas Skill?

Manage TrueNAS SCALE via API. Check pool health, manage datasets and snapshots, monitor alerts, control services, manage apps, orchestrate Dockge container stacks, and manage bookmarks. Use when the user asks about their NAS, storage, backups, containers, bookmarks, or homelab services. It is an AI Agent Skill for Claude Code / OpenClaw, with 1439 downloads so far.

How do I install Truenas Skill?

Run "/install truenas-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Truenas Skill free?

Yes, Truenas Skill is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Truenas Skill support?

Truenas Skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Truenas Skill?

It is built and maintained by anotb (@anotb); the current version is v1.2.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments