Back to skill
Skillv1.1.0
ClawScan security
Domain Checker · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 7, 2026, 4:07 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's scripts and instructions match its stated purpose (checking domain availability via whois + DNS) and request no credentials or unusual system access.
- Guidance
- This skill appears to do what it says: run the included Python or bash script to check whois + DNS for domains. Before installing/running: ensure your environment allows outbound WHOIS (TCP port 43) and DNS lookups, avoid running very large batches without respecting rate limits (script sleeps 1s), and understand results can be imperfect (premium/marketplace listings or registrar edge cases are not detected). Note the small doc/code mismatch: the Python comment mentions an HTTP whois fallback but the code uses direct port 43 whois only. If you need registrar pricing or guaranteed up-to-date results, use official registrar APIs instead.
Review Dimensions
- Purpose & Capability
- okName/description match the included files: both Python and bash scripts perform whois queries and DNS checks for TLDs listed in the SKILL.md. Network access to whois servers and DNS resolution is necessary and expected.
- Instruction Scope
- noteSKILL.md's runtime instructions stay within the stated purpose (run the included scripts, pipe domains, respect rate limits). Minor inconsistency: SKILL.md and the Python docstring mention an HTTP whois API fallback via urllib, but the Python code implements direct whois over TCP port 43 and DNS lookups only (no urllib usage). Otherwise the scripts only perform network queries relevant to domain checking and do not read unrelated files or env vars.
- Install Mechanism
- okNo install spec (instruction-only), no downloads or package installs. The code files are provided in the skill bundle; nothing is written to disk by an installer step beyond the natural act of running the included scripts.
- Credentials
- okThe skill requests no environment variables, credentials, or config paths. It requires outbound network access (TCP port 43 to whois servers and standard DNS resolution) which is appropriate and proportional to domain availability checks.
- Persistence & Privilege
- okalways is false and the skill does not request persistent or elevated platform privileges, nor does it modify other skills or system-wide settings.