Control AVM FRITZ!Box routers and Smarthome devices via TR-064 and Web API. Use when the user wants to manage their FRITZ!Box router (WLAN, connected devices...
Security Analysis
medium confidenceThis appears to be a legitimate FRITZ!Box control skill, but it uses router credentials and can make disruptive network or smart-home changes.
The capability is coherent with the stated purpose: router status, WLAN control, reconnect, host listing, and FRITZ!DECT device control are all disclosed. The noteworthy part is the high-impact nature of some actions.
The skill explicitly requires user confirmation before WLAN on/off, reconnect, and smart-home switching actions, and says to invoke them only after a clear specific request.
There is no automatic install spec, but the docs/requirements use a normal Python dependency path with an unpinned lower-bound requests dependency.
The requested FRITZBOX_HOST and FRITZBOX_PASSWORD are proportionate for controlling a local router, but they are high-value credentials and must be scoped to the user's own FRITZ!Box.
No background worker, startup persistence, self-propagation, or persistent agent memory is shown. Privilege is limited to the configured router account when the skill is invoked.
Guidance
Install only if you want an agent to manage your FRITZ!Box. Use a limited FRITZ!Box account, keep credentials in a protected dedicated .env file, verify the host is your own router, and require explicit confirmation before WLAN, reconnect, or smart-home switching actions.
Latest Release
v1.0.5
Security: pre-build auth object in __init__ to break static taint path
Popular Skills
Published by @first-it-consulting on ClawHub
