Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Domainion Ops

v1.0.0

Domain and DNS operations across name.com (default), GoDaddy, and Namecheap. Use for registering domains, flipping nameservers, managing DNS records (A, AAAA...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's name and description (multi-registrar domain/DNS operations) align with the documented API calls in the reference files — the curl examples and API flows are consistent with name.com, GoDaddy, and Namecheap functionality. However, the registry metadata declares no required environment variables or binaries while the SKILL.md clearly expects multiple provider API credentials and use of CLI tools (curl, dig, grep, xmllint, python3). This metadata/instruction mismatch is unexpected and should be clarified.
! Instruction Scope
The SKILL.md explicitly instructs the agent to verify credentials in environment variables or in ~/.domainion and to prompt the user if credentials are missing; it also contains many shell command examples (curl, dig, xmllint, python3, grep). Because the skill is instruction-only, those commands would be executed by the agent runtime environment — yet the registry does not declare those binaries. The instructions also recommend using ifconfig.me to detect client IP for Namecheap (this leaks your IP to an external service) and advise storing credentials in a file in the home directory (~/.domainion), which is a persistence and secrecy concern. The guide's guardrails (don't print tokens) are good, but the instructions give broad discretion to read environment/home files and run network commands, which increases risk if the skill is invoked without user supervision.
Install Mechanism
There is no install spec and no code files — the skill is instruction-only. That lowers risk from arbitrary code installs because nothing will be pulled or executed on disk by an installer. The security surface is entirely the runtime instructions the agent will follow.
! Credentials
Although the registry lists no required env vars, the SKILL.md requires multiple provider credentials (NAMECOM_USERNAME, NAMECOM_TOKEN, GODADDY_API_KEY, GODADDY_API_SECRET, NAMECHEAP_USERNAME, NAMECHEAP_API_KEY, NAMECHEAP_CLIENT_IP) and suggests storing them in env or ~/.domainion. Requesting those provider keys is proportional to domain management, but the omission from declared requirements is an incoherence. Also requesting NAMECHEAP_CLIENT_IP (and suggesting discovery via ifconfig.me) exposes your public IP to a third-party service — reasonable for Namecheap's IP-whitelist workflow but should be called out explicitly in metadata. Overall, secrets handling guidance is weak (plaintext file) and the platform metadata should list the envs so users and the agent platform can apply secret protections.
Persistence & Privilege
always is false (good) and disable-model-invocation is default (agent may call it autonomously). The SKILL.md suggests storing credentials in ~/.domainion, which would create persistent local secrets if followed — this is a user-level design choice rather than an encoded install. Because the skill can be invoked by the agent and has instructions to check local env/files for creds, the combination of autonomous invocation + undeclared secrets storage is something to be careful about, though not malicious by itself.
What to consider before installing
What to consider before installing and using this skill:

- Source verification: The skill has no homepage and an unknown source. Prefer skills from known authors or with a verifiable homepage.
- Metadata mismatch: The registry declares no required env vars or binaries, but SKILL.md expects multiple API keys and CLI tools (curl, dig, xmllint, python3, grep). Confirm with the publisher or platform how secrets and required system tools are handled before use.
- Secrets handling: SKILL.md suggests storing provider API keys in environment variables or in ~/.domainion (a plaintext file). Do not store long-lived credentials in plaintext if you can avoid it — use your platform's secret storage, short-lived or least-privilege API keys, or sandbox/test accounts. Only provide keys at the moment of an interactive operation if possible.
- Namecheap IP whitelist: Namecheap requires a whitelisted client IP. The skill suggests using ifconfig.me to detect your IP — that makes an external request and reveals your public IP to that service. If you must use Namecheap, prefer a controlled method to determine IP (your corporate NAT address, an internal check) rather than a public probe.
- Required tools: The skill's examples depend on command-line tools (curl, dig, grep, xmllint, python3). Ensure your agent runtime/environment has those tools and understand that the agent may execute network-facing commands.
- Minimizing blast radius: Create and use limited-scope API keys where possible (sandbox/test keys, read-only keys for checks). Avoid giving full account keys unless absolutely needed (e.g., purchases). Monitor and revoke keys after use if feasible.
- Supervision and prompts: The skill's instructions say to prompt for creds if missing. Prefer interactive invocation only (do not enable automatic/autonomous invocation for this skill) and confirm destructive actions (nameserver changes, full zone replaces) each time.
- Questions to ask the publisher/platform before installing: Why does the metadata omit required env vars and binaries? Will the platform treat the listed provider env names as secrets and encrypt/store them? Can the skill be limited to interactive invocation only? Is there an official maintainer or homepage for support?

Given the coherence of the API examples but the metadata mismatches and weak secret-storage guidance, proceed only after clarifying the above points, using limited/sandbox credentials, and avoiding storing secrets in plaintext.

Like a lobster shell, security has layers — review code before you run it.
