Subdomain Hunter

Pass. Audited by ClawScan on May 10, 2026.

Overview

The skill appears to match its subdomain-recon purpose, but it performs active DNS/network checks and has licensing/provenance details users should verify.

Install only after reviewing the complete source. Run scans only on domains you own or have written permission to test, expect DNS/HTTPS network activity despite the passive wording, and verify payment links/pricing and license-file handling before using paid features.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running the tool can generate reconnaissance traffic and may create legal or policy risk if used on domains the user does not own or have permission to test.

Why it was flagged

The source attempts DNS zone transfers (AXFR) and performs DNS brute-force resolution for a user-supplied domain.

Skill content

sock.connect((ns_ip, 53)) ... sock.send(query) ... candidates = [f"{name}.{domain}" for name in wordlist]

Recommendation

Use it only for owned or explicitly authorized domains, and require explicit user confirmation before scanning any third-party target.

What this means

A user may underestimate the network activity and authorization requirements of the scan.

Why it was flagged

This passive-sounding claim can understate the active behavior shown in the source: DNS resolution, a DNS AXFR attempt, brute-force enumeration, and an SSL certificate fallback.

Skill content

Reconnaissance-grade discovery without sending active probes.

Recommendation

Treat the tool as active DNS reconnaissance, and update documentation to clearly distinguish passive CT lookup from active DNS/SSL checks.

What this means

The skill may inspect local licensing information or environment variables when premium features are used, though the visible code does not transmit them.

Why it was flagged

The code reads an optional local license key and licensing email, while the registry metadata declares no required env vars or config paths.

Skill content

LICENSE_FILE = Path.home() / ".edgeiq" / "license.key" ... os.environ.get("EDGEIQ_LICENSE_KEY", "") ... os.environ.get("EDGEIQ_EMAIL", "")

Recommendation

Declare optional license-related env vars and config paths in metadata, and avoid placing unrelated credentials in these variables or files.

What this means

Installing from the external repo or unpinned package could introduce code that differs from the reviewed artifacts.

Why it was flagged

The README points to an external repository and an unpinned optional package even though the registry source is unknown and there is no install spec.

Skill content

git clone https://github.com/snipercat69/edgeiq-subdomain-hunter.git ... pip install python-whois

Recommendation

Verify the repository owner and contents, pin dependency versions where possible, and review the complete source before installing.