Back to skill

Security audit

domain name generator

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only domain naming helper that uses a disclosed DomainKits connection, with ordinary privacy and API-key considerations.

Install this if you are comfortable sending domain ideas, project descriptions, and candidate names to DomainKits for availability checks. Avoid sharing confidential business details unless needed, keep the DomainKits API key in the approved secret or environment store, and only enable monitoring when you intentionally want ongoing tracking for a domain.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
82% confidence
Finding
The trigger text is unusually broad and explicitly says to activate on vague project descriptions like 'I'm starting a coffee shop' or 'I'm building an AI writing tool.' That can cause unintended invocation for users who are discussing a project generally rather than asking for domain help, which may route user content into this skill and its external tooling unnecessarily.

External Transmission

Medium
Category
Data Exfiltration
Content
{
  "mcpServers": {
    "domainkits": {
      "baseUrl": "https://api.domainkits.com/v1/mcp"
    }
  }
}
Confidence
76% confidence
Finding
https://api.domainkits.com/

External Transmission

Medium
Category
Data Exfiltration
Content
{
  "mcpServers": {
    "domainkits": {
      "baseUrl": "https://api.domainkits.com/v1/mcp",
      "headers": {
        "X-API-Key": "$env:DOMAINKITS_API_KEY"
      }
Confidence
88% confidence
Finding
https://api.domainkits.com/

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.