← 返回 Skills 市场
Devices (
Clients (
Firewall (
DNS (
VPN (
ISP metrics (
UniFi Advisor
作者
arseni-mik
· GitHub ↗
· v1.0.1
· MIT-0
37
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install unifi-advisor
功能描述
Read-only UniFi network advisor covering the Site Manager cloud API and the Network Integration API. Query devices, clients, networks, firewall zones and pol...
使用说明 (SKILL.md)
UniFi Network Advisor
Read-only skill covering two official UniFi API surfaces. All operations are GET-only — no writes, no mutations of any kind.
API surfaces
Everything goes through https://api.ui.com. No direct local connection required.
| Prefix | Surface | Proxied via | Env vars needed |
|---|---|---|---|
| SM | Site Manager | api.ui.com/v1/... |
UNIFI_API_KEY |
| NET | Network Integration | api.ui.com/v1/connector/consoles/{hostId}/proxy/network/integration/v1/... |
UNIFI_API_KEY (host/site resolved automatically) |
How to call the script
python3 {baseDir}/scripts/unifi.py \x3Csubcommand> [--site SITE] [--id ID] [--limit N] [--next-token TOKEN] [subcommand-specific flags]
Some subcommands require additional flags — see the table below. Use python3 {baseDir}/scripts/unifi.py list to see all subcommands with descriptions.
Subcommands
Site Manager (SM) — cloud, single API key
| Subcommand | Endpoint | Required flags | Description |
|---|---|---|---|
hosts |
GET /v1/hosts | — | All UniFi OS consoles on the UI account |
host |
GET /v1/hosts/{id} | --id |
Console details |
sites |
GET /v1/sites | — | All sites across all consoles |
cloud-devices |
GET /v1/devices | — | All devices across all sites |
isp-metrics |
GET /ea/isp-metrics/{type} | — | ISP performance metrics |
sdwan |
GET /v1/sd-wan-configs | — | SD-WAN configurations |
sdwan-config |
GET /v1/sd-wan-configs/{id} | --id |
Specific SD-WAN config |
sdwan-status |
GET /v1/sd-wan-configs/{id}/status | --id |
SD-WAN deployment status |
Network Integration (NET) — proxied via api.ui.com, site resolved automatically
| Subcommand | Endpoint | Required flags | Description |
|---|---|---|---|
info |
GET /v1/info | — | Controller version and capabilities |
net-sites |
GET /v1/sites | — | Sites managed by this console |
devices |
GET /v1/sites/{siteId}/devices | — | Adopted devices overview |
device |
GET /v1/sites/{siteId}/devices/{id} | --id |
Device details |
device-stats |
GET /v1/sites/{siteId}/devices/{id}/statistics/latest | --id |
Latest device statistics |
devices-pending |
GET /v1/pending-devices | — | Devices pending adoption (console-scoped) |
clients |
GET /v1/sites/{siteId}/clients | — | Connected clients overview |
client |
GET /v1/sites/{siteId}/clients/{id} | --id |
Client details |
networks |
GET /v1/sites/{siteId}/networks | — | Networks overview |
network |
GET /v1/sites/{siteId}/networks/{id} | --id |
Network details |
network-refs |
GET /v1/sites/{siteId}/networks/{id}/references | --id |
What references a specific network (devices, clients, WiFi) |
wifi |
GET /v1/sites/{siteId}/wifi/broadcasts | — | WiFi broadcast (SSID) overview |
wifi-details |
GET /v1/sites/{siteId}/wifi/broadcasts/{id} | --id |
WiFi broadcast details |
firewall-zones |
GET /v1/sites/{siteId}/firewall/zones | — | Firewall zones |
firewall-zone |
GET /v1/sites/{siteId}/firewall/zones/{id} | --id |
Firewall zone details |
firewall-policies |
GET /v1/sites/{siteId}/firewall/policies | — | Firewall policies |
firewall-policy |
GET /v1/sites/{siteId}/firewall/policies/{id} | --id |
Firewall policy details |
firewall-ordering |
GET /v1/sites/{siteId}/firewall/policies/ordering | --from-zone --to-zone |
Policy ordering between two zones |
acl-rules |
GET /v1/sites/{siteId}/acl-rules | — | ACL rules |
acl-rule |
GET /v1/sites/{siteId}/acl-rules/{id} | --id |
ACL rule details |
acl-ordering |
GET /v1/sites/{siteId}/acl-rules/ordering | — | ACL rule ordering |
dns-policies |
GET /v1/sites/{siteId}/dns/policies | — | DNS policies |
dns-policy |
GET /v1/sites/{siteId}/dns/policies/{id} | --id |
DNS policy details |
traffic-lists |
GET /v1/sites/{siteId}/traffic-matching-lists | — | Traffic matching lists |
traffic-list |
GET /v1/sites/{siteId}/traffic-matching-lists/{id} | --id |
Traffic matching list details |
vouchers |
GET /v1/sites/{siteId}/hotspot/vouchers | — | Hotspot vouchers |
voucher |
GET /v1/sites/{siteId}/hotspot/vouchers/{id} | --id |
Voucher details |
wans |
GET /v1/sites/{siteId}/wans | — | WAN interfaces overview |
vpn-tunnels |
GET /v1/sites/{siteId}/vpn/site-to-site-tunnels | — | Site-to-site VPN tunnels |
vpn-servers |
GET /v1/sites/{siteId}/vpn/servers | — | VPN server configurations |
radius |
GET /v1/sites/{siteId}/radius/profiles | — | RADIUS profiles |
device-tags |
GET /v1/sites/{siteId}/device-tags | — | Device tags |
dpi-categories |
GET /v1/dpi/categories | — | DPI application categories |
dpi-applications |
GET /v1/dpi/applications | — | DPI applications |
countries |
GET /v1/countries | — | Countries list (for geo-IP rules) |
Examples
# List all sites and pick one to work with
python3 {baseDir}/scripts/unifi.py library
# firewall-ordering: get zone IDs first, then query ordering between two of them
# --from-zone and --to-zone must be real UUIDs from the firewall-zones output
python3 {baseDir}/scripts/unifi.py firewall-zones --site hq
python3 {baseDir}/scripts/unifi.py firewall-ordering --site hq --from-zone \x3CzoneId> --to-zone \x3CzoneId>
# network-refs: get network list first, then query references for a specific network
python3 {baseDir}/scripts/unifi.py networks --site hq
python3 {baseDir}/scripts/unifi.py network-refs --site hq --id \x3CnetworkId>
# sdwan-config / sdwan-status: list configs first to get an ID
python3 {baseDir}/scripts/unifi.py sdwan
python3 {baseDir}/scripts/unifi.py sdwan-config --id \x3CconfigId>
python3 {baseDir}/scripts/unifi.py sdwan-status --id \x3CconfigId>
Site library
On every invocation the skill builds a site library by joining:
GET /v1/hosts— host names (user-set), hardware model, connection state,apiIntegrationflagGET /v1/sites—siteIdperhostId
Labels come directly from the name the user set in the UniFi UI — e.g. "HQ" → hq, "Branch Office" → branch-office, "Remote Site" → remote-site. The library is cached in ~/.unifi-skill.json for 15 minutes to avoid redundant API calls.
Hosts without Network API support (e.g. a NAS device with apiIntegration: false) are included in the library but will return a clear error if targeted with NET subcommands.
Run library to see the current library including state, hardware, and API capability of each host.
Site selection
All NET subcommands accept --site \x3Chint>. The hint is matched against label, name, hardware shortname, hardware name, timezone, and IP — partial matches work.
| User says | Use |
|---|---|
| "the main office network" | --site hq |
| "remote site firewall" | --site remote-site |
| "the branch office" | --site branch-office |
| "the Dream Machine Pro" | --site udmpro |
| "the warehouse AP" | --site warehouse |
If --site is omitted the first entry in the library is used. If the hint is ambiguous the skill lists the matching labels and asks for a more specific hint.
Always specify --site when the user mentions a location or device. When the user says "my network" without specifying, run library first to show what sites are available and ask which one they mean.
How to give advice
Devices (devices, device)
status != "online"→ offline or disconnected — surface to userfirmwareStatus: "updateAvailable"→ firmware update pendingdevice-stats→ CPU/memory/uptime signals for performance issues
Clients (clients, client)
- High noise or weak signal → coverage gap, suggest AP placement review
- Unexpected clients on sensitive VLANs → flag for review
Firewall (firewall-policies, firewall-zones, acl-rules)
- Policies allowing all traffic between sensitive zones → flag as overly broad
- Cross-zone allow rules → confirm intentional with user
- Check
firewall-ordering— rules are evaluated in order; misplaced rules cause unexpected behaviour
DNS (dns-policies)
- Custom DNS policies can bypass filtering — flag any unexpected overrides
VPN (vpn-tunnels, vpn-servers)
- Tunnel state down → connectivity issue to surface
- Verify expected peers are configured
ISP metrics (isp-metrics)
- Packet loss > 1% or latency spikes → WAN quality issue, advise checking with ISP
Notes
network-refsrequires--id(a network ID). Only networks with active references (devices, clients, or WiFi assigned to them) return data — unused networks return a handled error:"Network '...' has no active references". Runnetworksfirst to list all networks, then pass the ID of one that carries traffic.firewall-orderingrequires both--from-zoneand--to-zone. Runfirewall-zonesfirst to list zone IDs. The API returns the ordered policy IDs for traffic flowing from the source zone to the destination zone.sdwan-configandsdwan-statusrequire--id. Runsdwanfirst to list configs and get an ID. These return empty on accounts without SD-WAN configured.
Source & contributing
Source code, issue tracker, and contributions: github.com/arseni-mik/open_claw-unifi-skill
Constraints
- All operations are GET-only. Never suggest using this skill to make changes.
- Guide the user to make changes in the UniFi dashboard or mobile app.
- Do not expose raw API keys in responses.
安全使用建议
This skill appears safe for its stated read-only UniFi advisory purpose. Before installing, confirm you trust the publisher, use the least-privileged UniFi API key available, remember that the assistant may see sensitive network details, and specify the intended site when asking questions in multi-site environments.
功能分析
Type: OpenClaw Skill
Name: unifi-advisor
Version: 1.0.1
The unifi-advisor skill is a read-only tool designed to query UniFi network state via the official Ubiquiti cloud API (api.ui.com). The Python script (scripts/unifi.py) uses standard libraries to perform GET requests, handles authentication via a user-provided UNIFI_API_KEY, and implements a local cache in ~/.unifi-skill.json. There is no evidence of data exfiltration to unauthorized endpoints, malicious execution, or prompt-injection attacks within the instructions.
能力标签
能力评估
Purpose & Capability
The stated purpose is consistent across README, SKILL.md, and the visible script: query UniFi Site Manager and Network Integration APIs with GET-only operations. The capability is sensitive because it can reveal devices, clients, firewall, VPN, RADIUS, voucher, and site information across a UniFi account.
Instruction Scope
Instructions are scoped to documented subcommands and repeatedly state read-only, GET-only use. No prompt-injection, goal override, hidden write workflow, or approval-bypass instruction is evident in the provided artifacts.
Install Mechanism
There is no install spec and only a Python script is required, but the registry metadata lists the source as unknown and no homepage, which reduces provenance clarity for a credential-using skill.
Credentials
Use of python3, api.ui.com, and UNIFI_API_KEY is proportionate to the UniFi integration. Users should still treat the returned network inventory and configuration data as sensitive.
Persistence & Privilege
No elevated privileges or background service are shown. The script does persist a short-lived site library cache in the user's home directory.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install unifi-advisor - 安装完成后,直接呼叫该 Skill 的名称或使用
/unifi-advisor触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
added refernce to github source
v1.0.0
Initial public release.
元数据
常见问题
UniFi Advisor 是什么?
Read-only UniFi network advisor covering the Site Manager cloud API and the Network Integration API. Query devices, clients, networks, firewall zones and pol... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 37 次。
如何安装 UniFi Advisor?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install unifi-advisor」即可一键安装,无需额外配置。
UniFi Advisor 是免费的吗?
是的,UniFi Advisor 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
UniFi Advisor 支持哪些平台?
UniFi Advisor 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 UniFi Advisor?
由 arseni-mik(@arseni-mik)开发并维护,当前版本 v1.0.1。
推荐 Skills