Unifi

Query and monitor UniFi network via local gateway API (Cloud Gateway Max / UniFi OS). Use when the user asks to "check UniFi", "list UniFi devices", "show who's on the network", "UniFi clients", "UniFi health", "top apps", "network alerts", "UniFi DPI", or mentions UniFi monitoring/status/dashboard.

This skill appears to implement a legitimate UniFi read-only monitor, but review and accept a few risks before installing: - Credentials: the skill requires a local UniFi admin username/password stored in ~/.clawdbot/credentials/unifi/config.json (or via environment variables). That file contains plaintext credentials — ensure you set restrictive permissions (chmod 600) and consider creating a dedicated low-privilege local admin for the API. - Metadata mismatch: the registry entry lists no required config paths/env, but the skill actually requires the config file or env vars. Treat this as an indicator the package metadata is incomplete; verify the file location and ownership before running. - Disk writes: the scripts write files (dashboard_debug_dump.json and $HOME/clawd/memory/bank/unifi-inventory.md) that contain sensitive network data. If you don’t want that persisted, edit the scripts to disable dumps or change paths to a secure location. - SSL verification: the scripts use curl -k to skip TLS verification (common with self-signed UniFi certs). This is insecure in network environments where the gateway might be spoofed — if possible, use a valid certificate or modify scripts to verify certs. - Review scripts locally: because this is an instruction-based skill with runnable shell scripts, inspect scripts locally before use and consider running them in a controlled environment first. If you’re uncomfortable with plaintext creds or disk persistence, either modify the scripts to use a more secure auth method (token, restricted account) or do not install. If you want, I can list the exact places in the scripts to change to improve security (e.g., remove debug dump, enforce cert verification, set strict file perms).

Type: OpenClaw Skill Name: unifi Version: 1.0.1 The skill is designed to query and monitor UniFi network devices via the local gateway API. All API calls are read-only GET requests to the specified UniFi controller URL, using credentials stored in `~/.clawdbot/credentials/unifi/config.json`. The `SKILL.md` and `README.md` clearly state the purpose and do not contain any prompt injection attempts. The use of `curl -k` (disabling SSL verification) is noted as a common necessity for UniFi's self-signed certificates and is not indicative of malicious intent in this context. A debug file `dashboard_debug_dump.json` is created locally by `scripts/dashboard.sh`, which is a minor concern but not malicious. The skill's behavior is aligned with its stated purpose and lacks clear evidence of intentional harmful actions.