Domain availability API built for AI agents. Check single domains, explore names across .com/.io/.ai/.dev/etc, filter by budget, get smart suggestions. Returns proper JSON/TXT with correct Content-Type headers.

Review

Audited by ClawScan on May 10, 2026.

Overview

This looks like a domain registrar helper, but it can also buy domains and change DNS or nameservers, so it needs review before letting an agent use it.

Install only if you want an agent to use ClawDaddy's registrar APIs, not just check availability. Require explicit confirmation before any purchase, DNS record change, or nameserver update, and keep management tokens out of normal chat history or agent memory.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user may install it expecting lookup-only behavior and not realize the agent instructions also cover paid registrations and infrastructure changes.

Why it was flagged

The top-level presentation emphasizes availability and suggestions, while the SKILL.md instructions include paid purchasing and DNS/nameserver management, which are materially higher-impact capabilities.

Skill content

Name: Domain availability API built for AI agents. Check single domains, explore names across .com/.io/.ai/.dev/etc, filter by budget, get smart suggestions.

Recommendation

Make the registry title, description, and capability metadata clearly disclose purchase, DNS, and nameserver-management authority.

What this means

If an agent has payment capability or a management token, it could register a domain or change DNS/nameservers in ways that cost money or disrupt a site.

Why it was flagged

These are direct state-changing endpoints for paid registration and DNS control. The provided text shows how to call them but does not show an explicit final user-confirmation requirement before mutation.

Skill content

| Purchase domain | `POST /api/purchase/{domain}?method=x402\|stripe` | None |
...
| Configure DNS | `POST /api/manage/{domain}/dns` | Bearer token |
...
| Update nameservers | `PUT /api/manage/{domain}/nameservers` | Bearer token |

Recommendation

Require explicit user approval after quotes and before any purchase, DNS create/update/delete, or nameserver change; use domain allowlists and show a clear diff of intended changes.

What this means

Anyone or any agent with the token may be able to manage the associated domain.

Why it was flagged

Bearer tokens are expected for registrar management, but this token grants authority over domain management operations.

Skill content

All management endpoints require the Authorization header: `Authorization: Bearer clwd_your_management_token`

Recommendation

Treat management tokens as secrets, provide them only for the intended domain and task, and revoke or rotate them if exposed.

What this means

The management token could be accidentally stored in chat history, long-term memory, or logs and later reused unexpectedly.

Why it was flagged

The skill instructs retention of a high-value credential but does not specify safe storage boundaries, retention limits, or redaction from general agent memory/logs.

Skill content

**CRITICAL:** Save the `managementToken` immediately! It's required for all management operations and cannot be retrieved without recovery.

Recommendation

Store the token in a secret manager or other scoped credential store, not general agent memory, and avoid displaying it in shared transcripts.