Skill

pihole

From sundial-org-awesome-openclaw-skills-4

Controls Pi-hole DNS ad blocker via v6 API: check status/stats, enable/disable blocking, view blocked domains/queries. Useful for remote ad block management.

REST API

Bash

infrastructure

monitoring

Install

npx claudepluginhub joshuarweaver/cascade-ai-ml-agents-misc-2 --plugin sundial-org-awesome-openclaw-skills-4

Tool Access

This skill uses the workspace's default tool permissions.

Preview

Control your Pi-hole DNS ad blocker via the Pi-hole v6 API.

Supporting Assets

SECURITY_AUDIT.mdpihole.sh

SKILL.md

Similar Skills

cache-components

Guides Next.js Cache Components and Partial Prerendering (PPR) with cacheComponents enabled. Implements 'use cache', cacheLife(), cacheTag(), revalidateTag(), static/dynamic optimization, and cache debugging.

cache-components

139.2k

mcp-builder

9 files

Guides building MCP servers enabling LLMs to interact with external services via tools. Covers best practices, TypeScript/Node (MCP SDK), Python (FastMCP).

anthropics-skills-13

124.2k

canvas-design

20 files

Generates original PNG/PDF visual art via design philosophy manifestos for posters, graphics, and static designs on user request.

anthropics-skills-13

124.2k

Stats

Stars586

Forks75

Last CommitFeb 1, 2026

Actions

View Source View Plugin View on GitHub View README

Pi-hole Skill

Control your Pi-hole DNS ad blocker via the Pi-hole v6 API.

Setup

Set your Pi-hole API configuration in Clawdbot config:

skills:
  entries:
    pihole:
      apiUrl: "https://pi-hole.local/api"  # v6 API path
      apiToken: "your-app-password-here"       # Get from Pi-hole Admin
      insecure: false                          # Set to true for self-signed certs

Alternatively, set environment variables:

export PIHOLE_API_URL="https://pi-hole.local/api"
export PIHOLE_API_TOKEN="your-app-password-here"
export PIHOLE_INSECURE="false"

Getting API Credentials

Open Pi-hole Admin at http://pi-hole.local/admin
Navigate to Settings > API
Generate an app password
Use that password as apiToken

Capabilities

Status

Get current Pi-hole status (enabled/disabled)
View stats: queries blocked, queries today, domains being blocked, active clients
See recent query activity

Controls

Enable/Disable: Turn Pi-hole on or off
Disable for 5 minutes: Temporarily disable ad blocking for a short period
Disable for custom duration: Set specific disable time (in minutes)

Block Analysis

Check blocked domains: See what domains were blocked in a time window
Show top blocked: Most frequently blocked domains

Usage Examples

# Check Pi-hole status
"pihole status"

# Turn off ad blocking
"pihole off"

# Turn on ad blocking
"pihole on"

# Disable for 5 minutes (for a site that needs ads)
"pihole disable 5m"

# Disable for 30 minutes
"pihole disable 30"

# See what was blocked in the last 30 minutes
"pihole blocked"

# See blocked domains in last 10 minutes (600 seconds)
"pihole blocked 600"

# Show statistics
"pihole stats"

API Endpoints (Pi-hole v6)

Authentication

POST /api/auth
Content-Type: application/json
{"password":"your-app-password"}

Response:
{
  "session": {
    "sid": "session-token-here",
    "validity": 1800
  }
}

Status

GET /api/dns/blocking
Headers: sid: <session-token>

Response:
{
  "blocking": "enabled" | "disabled",
  "timer": 30  // seconds until re-enable (if disabled with timer)
}

Enable/Disable

POST /api/dns/blocking
Headers: sid: <session-token>
Content-Type: application/json

Enable:
{"blocking":true}

Disable:
{"blocking":false}

Disable with timer (seconds):
{"blocking":false,"timer":300}

Stats

GET /api/stats/summary
Headers: sid: <session-token>

Response:
{
  "queries": {
    "total": 233512,
    "blocked": 23496,
    "percent_blocked": 10.06
  },
  "gravity": {
    "domains_being_blocked": 165606
  },
  "clients": {
    "active": 45
  }
}

Queries

GET /api/queries?start=-<seconds>
Headers: sid: <session-token>

Response:
{
  "queries": [
    {
      "domain": "example.com",
      "status": "GRAVITY",
      "time": 1768363900,
      "type": "A"
    }
  ]
}

v5 vs v6 API Changes

Pi-hole v6 introduced significant API changes:

Feature	v5 API	v6 API
Base URL	`/admin/api.php`	`/api`
Auth	Token in URL/headers	Session-based
Status	`?status`	`/api/dns/blocking`
Stats	`?summaryRaw`	`/api/stats/summary`
Queries	`?recentBlocked`	`/api/queries`
Whitelist	Supported via API	Not available via API

Important: Domain whitelisting is no longer available via the v6 API. You must whitelist domains through the Pi-hole Admin UI.

SSL Certificates

Production (Valid Cert)

{
  "apiUrl": "https://pi-hole.example.com/api",
  "apiToken": "...",
  "insecure": false
}

Self-Signed/Local Cert

{
  "apiUrl": "https://pi-hole.local/api",
  "apiToken": "...",
  "insecure": true
}

The insecure flag adds the -k option to curl to bypass certificate validation.

Security Notes

Session tokens expire after 30 minutes (1800 seconds)
API password is sent in JSON body, not URL
All requests have a 30-second timeout
Token is not visible in process list (passed via environment)

Troubleshooting

"Failed to authenticate"

Check that apiToken matches your Pi-hole app password
Verify apiUrl is correct (must end in /api)
Ensure Pi-hole is accessible from your network

"Could not determine status"

Check API URL is reachable
If using HTTPS with self-signed cert, set insecure: true
Verify API password is correct

Network Errors

Ensure clawdbot's machine can reach the Pi-hole
Check firewall rules allow API access
Verify URL scheme (http vs https)

Requirements

Pi-hole v6 or later
App password generated in Pi-hole Admin
Network access to Pi-hole API
curl, jq (installed on most Unix systems)