Domain availability API built for AI agents. Check single domains, explore names across .com/.io/.ai/.dev/etc, filter by budget, get smart suggestions. Returns proper JSON/TXT with correct Content-Type headers.

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent domain registrar integration, but it gives agents purchase and DNS-management instructions without clear confirmation safeguards for high-impact changes.

Install only if you want an agent to manage real domain registrations and DNS through ClawDaddy. Require explicit approval before purchases, DNS record deletion or overwrite, nameserver changes, settings changes, or transfer preparation, and keep management tokens in a secret store rather than normal chat history or agent memory.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill documents high-impact DNS and nameserver modification operations and provides workflow examples that perform them directly, but it does not instruct the agent to obtain explicit user confirmation or warn about service disruption. In an agent setting, changing nameservers or DNS can immediately break websites, email delivery, verification flows, or transfer control to another provider, so omission of confirmation safeguards is dangerous.

VirusTotal

40/40 vendors flagged this skill as clean.

View on VirusTotal