Use when asked to manage UniFi network - list/restart/upgrade devices, block/unblock clients, manage WiFi networks, control PoE ports, manage traffic rules, create guest vouchers, or any UniFi controller task. Works with UDM Pro/SE, Dream Machine, Cloud Key Gen2+, or self-hosted controllers.
Security Analysis
medium confidenceThe skill appears to implement legitimate UniFi controller management but the registry metadata omits required credentials and the runtime code/instructions contain several choices (storing plaintext creds in .env, disabling SSL verification, and asking for a Super Admin account) that warrant caution before installing.
The skill's functionality (UniFi management) matches the name and description — the code uses aiounifi and exposes appropriate controller operations. However, the registry declares no required environment variables or primary credential, while the SKILL.md and script clearly require UNIFI_HOST, UNIFI_USERNAME, and UNIFI_PASSWORD (and optionally UNIFI_SITE, UNIFI_IS_UDM). The metadata omission is an incoherence that should be corrected.
The SKILL.md stays within the stated purpose and gives explicit CLI usage. It instructs the user to create a dedicated local admin account and to save controller credentials to a .env file. This is expected for controller management, but it also requests a Super Admin (or Site Admin) account — a high privilege level — and directs storing plaintext credentials locally, which broadens the risk profile.
There is no install spec (instruction-only skill) and no external downloads; the script lists Python dependencies in comments but does not attempt remote installs. This is lower risk from an installation perspective, but users must manually install/verify the declared dependencies.
The skill requires direct controller credentials (UNIFI_HOST, UNIFI_USERNAME, UNIFI_PASSWORD) but the registry metadata does not declare them. Asking for Super Admin credentials is high privilege; while many actions require admin rights, the request should be explicit in metadata. The SKILL.md recommends saving credentials to an unencrypted .env file, which is insecure. The code also disables SSL verification (ssl_context=False) to accept self-signed certs, reducing TLS protection.
The skill is not always-enabled and does not request persistent platform privileges. However, because it can be invoked autonomously (default) and would hold network-admin credentials, an agent could make changes without interactive confirmation; users should be comfortable with that level of autonomous access before enabling the skill.
Guidance
This skill looks like a real UniFi management tool, but there are a few red flags to consider before installing: (1) the registry metadata does not declare the UNIFI_* environment variables that the script and SKILL.md require — confirm where credentials will be stored and why the metadata omits them; (2) the skill asks you to create/use a Super Admin account and to store the password in a plaintext .env file — prefer a least-privilege account if possible, use a dedicated account, and avoid long-term plaintext storage; (3) the code disables SSL verification (accepts self-signed certs) which weakens TLS checks — consider securing your controller certificate instead of disabling verification; (4) because the agent can invoke this skill autonomously and it has network-admin credentials, limit who/what can call it and consider interactive-only invocation if you want manual approval for destructive actions; (5) review the full script yourself (or have a trusted admin do so) for any hidden network calls or telemetry before providing credentials, and rotate the account password after initial setup. If you can't inspect the code or confirm the author, treat the skill as higher risk and avoid providing high-privilege credentials.
Latest Release
v1.0.1
- Adds documentation for new commands: enable/disable switch ports, per-item details for port forwards, traffic routes, firewall policies/zones, DPI apps/groups. - Documents new commands for toggling traffic rule states and changing WLAN passwords. - Expands command usage examples and explanations for greater coverage and clarity.
More by @araa47
Published by @araa47 on ClawHub
