Security audit

Domain Research Tool

Security checks across malware telemetry and agentic risk

Overview

This appears to be a disclosed domain lookup and reporting skill that makes expected outbound domain-research requests when invoked.

Install only if you want an agent to perform domain research. Expect outbound lookups to registries, WHOIS/DNS infrastructure, public resolvers, target HTTPS endpoints, and common subdomains. Use batch and subdomain checks only for domains you are authorized to assess, and open generated HTML reports cautiously because they contain third-party lookup data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 82%
Finding:
The trigger list contains broad terms such as 'WHOIS', 'DNS查询', 'SSL证书', and 'domain lookup/domain research', which are common phrases that may appear in general conversation. Overbroad triggers can cause unintended invocation of a skill that performs network queries and file output, expanding the chance of accidental data exposure, unnecessary external requests, or unsafe execution in the wrong context.

Missing User Warnings

Medium
Confidence: 83%
Finding:
The subdomain enumeration routine actively probes many hostnames via concurrent DNS requests without any explicit warning, rate limiting, or consent messaging. In an agent skill context, this can cause unintended scanning of third-party infrastructure, surprise users about outbound activity, and create policy/compliance issues even though the technique is relatively low impact compared with port scanning.

Missing User Warnings

Medium
Confidence: 88%
Finding:
Full research mode chains multiple external lookups (RDAP, WHOIS, DNS, SSL, multi-resolver checks) and may automatically launch subdomain enumeration when the domain resolves, without clearly surfacing that breadth of outbound activity. In a skill environment, this increases the risk of unanticipated third-party network interactions, privacy concerns, and use as a reconnaissance primitive against arbitrary domains.

VirusTotal

60/60 vendors flagged this skill as clean.