INWX

The skill's code, manifest, and instructions are consistent with an INWX registrar integration that requires INWX account credentials; nothing in the package indicates unexplained or disproportionate access.

This plugin appears to do exactly what it says: it talks to the INWX API and exposes read and write domain/DNS operations. Before installing and supplying credentials: 1) Only provide an INWX account username/password (and optional 2FA secret) you trust the plugin to use — consider using a dedicated test account or OTE sandbox for initial testing. 2) Use readOnly=true or allowedOperations to limit write capabilities when you only need queries. 3) Installing via npm will pull domrobot-client from the npm registry; if you require strict supply-chain assurance, review the published npm package and its dependencies. 4) If you call provisionDomainWithHosting, note it will invoke whatever ISPConfig toolset you supply — ensure that toolset is trustworthy. If you want additional assurance, run the included unit tests and (safely) the OTE integration tests in an isolated environment first.