ClawHub

Domain Registration

v1.0.0

Register, transfer, renew, and secure domains across major provider APIs and dashboards with provider-specific workflows and rollback-safe execution.

0· 286·1 current·1 all-time
byIván@ivangdavila

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for ivangdavila/domain-registration.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Domain Registration" (ivangdavila/domain-registration) from ClawHub.
Skill page: https://clawhub.ai/ivangdavila/domain-registration
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: curl, jq, dig, whois
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install ivangdavila/domain-registration

ClawHub CLI

Package manager switcher

npx clawhub@latest install domain-registration
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the requested capabilities. Required binaries (curl, jq, dig, whois) are appropriate for registrar API calls, JSON parsing, DNS checks, and WHOIS lookups. Provider coverage and playbooks align with the stated purpose. One minor mismatch: example CLI snippets reference placeholders like ${PROVIDER_TOKEN} and ${PROVIDER_API} even though the skill declares no required env vars; this appears to be placeholders for runtime-supplied credentials rather than unexpected secrets requests.
Instruction Scope
SKILL.md and the included playbooks limit actions to provider API/dashboard interactions, DNS validation, and local audit files in ~/domain-registration/. The instructions explicitly gate billing/ownership writes with user confirmation and instruct the agent not to store raw credentials in memory files. There are no instructions to read unrelated system files or exfiltrate data to unknown endpoints. Note: the skill includes curl examples that assume provider tokens/URLs will be supplied at runtime; ensure those tokens are provided securely and not written into the skill's memory files.
Install Mechanism
Instruction-only skill with no install spec or remote downloads; nothing is written by an installer and no external packages are pulled. This is low-risk from an installation standpoint.
Credentials
The skill declares no required environment variables or primary credential, but the documentation clearly expects provider API credentials/auth models (API keys, tokens, IAM roles) for many actions. This is not necessarily malicious — it appears to expect credentials to be supplied interactively or via the user's normal credential management — but the skill does not declare or manage those secrets itself. Users should confirm how and where they will provide API keys (environment, secret manager, or manual dashboard use) and avoid storing raw tokens in the ~/domain-registration/ files as the docs advise.
Persistence & Privilege
The skill is not always-enabled, can be invoked by the user, and is allowed autonomous invocation (platform default). It writes operational state under a dedicated ~/domain-registration/ directory, which is appropriate for its function. It does not request system-wide privileges or modify other skills. There is no indication of excessive persistence requirements.
Assessment
This skill appears to be what it says: a set of playbooks and checklists for registrar APIs and dashboard flows that will create a ~/domain-registration/ directory to store operational notes and logs. Before installing or using it: 1) Decide where you'll keep registrar API credentials (do not store them in the memory files the skill creates); 2) Be prepared to approve any billing actions manually — the skill emphasizes ask-first for purchases/transfers; 3) Back up current DNS/WHOIS state before allowing the skill to perform changes; and 4) If you plan to let the agent use provider APIs, supply credentials via a secure secret manager or prompt at runtime rather than putting secrets into the skill's files. Overall the package is coherent and low installation risk, but treat API keys and payment/billing steps carefully.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🌐 Clawdis
OSLinux · macOS · Windows
Binscurl, jq, dig, whois
latestvk97bgsb5wa3hjvsva0ydsvvhe582ah0g
286downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
Linux, macOS, Windows
Iván@ivangdavila
latest
Download

Setup

On first use, read setup.md to align activation boundaries, provider preferences, and approval rules before any registration, transfer, or renewal action.

When to Use

Use this skill when the user needs domain registration operations across major providers and must choose between API automation and dashboard execution.

Use this for first-time registration, transfer planning, renewals, ownership checks, DNS handoff, and registrar security hardening where billing and service continuity are high impact.

Architecture

Memory lives in ~/domain-registration/. See memory-template.md for structure and status values.

~/domain-registration/
|-- memory.md              # Provider preferences, risk boundaries, and approval model
|-- inventory.md           # Domain inventory, provider, expiry, and lock status
|-- changes.md             # Registration, transfer, and renewal action log
|-- providers.md           # Account aliases, API readiness, and dashboard access notes
`-- incidents.md           # Failed transfers, renewal misses, and mitigation history

Quick Reference

Use the smallest file needed for the current task.

TopicFile
Setup and activation behaviorsetup.md
Memory structure and status modelmemory-template.md
Provider API and dashboard matrixprovider-matrix.md
New registration workflows by providerregistration-playbooks.md
Transfer and renewal execution patternstransfer-renewal.md
DNS and account security controlsdns-security-controls.md

Provider Coverage

This skill covers API and dashboard workflows for major domain providers.

ProviderAPI CoverageDashboard CoveragePrimary Use Notes
GoDaddyPublic Domains APIYesBroad retail registrar operations
NamecheapXML APIYesDomain lifecycle plus full DNS replace patterns
Route 53 Domains (AWS)AWS Route53Domains APIYesEnterprise workflows via IAM-scoped automation
Cloudflare RegistrarDNS and zone API + registrar-adjacent opsYesRegistration lifecycle mostly dashboard-driven
Google Cloud DomainsCloud Domains APIYesPortfolio management in Google Cloud projects
Squarespace DomainsNo public registrar APIYesDashboard-only lifecycle for Google Domains migrations
DynadotPublic APIYesCost-efficient registration and renewal workflows
PorkbunPublic JSON APIYesFast API-first retail and small portfolio use
Name.comPublic REST APIYesProgrammatic registration and transfer actions
GandiPublic v5 APIYesEU-focused registrar and DNS lifecycle controls
OVHcloud DomainsPublic APIYesRegional portfolio with API-backed operations
Tucows OpenSRS / EnomReseller APIsYes (reseller panels)Reseller and wholesale portfolio operations

Core Rules

1. Classify Provider and Interface Before Planning

  • Identify registrar, account context, and whether the operation should run via API or dashboard.
  • If API support is partial, split execution clearly: API for read/validation, dashboard for billing-sensitive writes.

2. Run Registration Preflight Every Time

  • Validate domain availability from the target registrar directly, then confirm TLD rules, premium status, and renewal price.
  • Confirm legal/trademark risk and required contact profile before submitting payment actions.

3. Choose the Lowest-Risk Execution Path

  • Prefer API for repeatable bulk operations with audit logs; prefer dashboard when provider APIs do not expose required lifecycle steps.
  • For first-time provider usage, run one-domain pilot before any batch purchase or transfer.

4. Gate Billing and Ownership Actions with Explicit Confirmation

  • Registration, transfer, auto-renew changes, and WHOIS contact writes need explicit user confirmation.
  • Confirm domain list, years, currency impact, and ownership target before execution.

5. Preserve Rollback State Before Mutating DNS or Nameservers

  • Snapshot current DNS and nameserver state before transfer or registrar migration.
  • Keep rollback-ready records so the prior state can be restored quickly if propagation or ownership validation fails.

6. Enforce Registrar Security Baseline Post-Registration

  • Enable account 2FA, registrar lock, and renewal monitoring immediately after successful purchase or transfer.
  • Add DNSSEC only after authoritative DNS compatibility is confirmed for the target provider.

7. Verify Outcomes and Log Durable Context

  • Verify success with provider API/dashboard confirmation plus resolver-level checks (dig, WHOIS status, nameserver visibility).
  • Update ~/domain-registration/ memory files with provider choice, lifecycle dates, and known edge cases.

Common Traps

  • Treating all providers as API-equivalent -> missing lifecycle steps because some registrars are dashboard-only for critical actions.
  • Skipping premium renewal checks -> surprise annual billing that exceeds initial purchase assumptions.
  • Running batch registration without one-domain pilot -> multiplied failures from bad contact, tax, or payment configuration.
  • Forgetting 60-day transfer lock rules -> transfer plans fail despite valid auth codes.
  • Replacing DNS records without full snapshot -> incomplete rollback during cutover incidents.
  • Enabling DNSSEC before DS/zone readiness -> domain resolution failures after migration.
  • Leaving domains without renewal monitoring -> avoidable expiration and brand abuse risk.

External Endpoints

EndpointData SentPurpose
https://api.godaddy.comDomain queries, registration and management payloadsGoDaddy API lifecycle operations
https://sso.godaddy.comAuthenticated account actionsGoDaddy dashboard operations
https://api.namecheap.com/xml.responseDomain and DNS XML parametersNamecheap API actions
https://ap.www.namecheap.comAccount and billing interactionsNamecheap dashboard operations
https://route53domains.us-east-1.amazonaws.comDomain lifecycle API payloads via AWS signaturesRoute 53 Domains automation
https://console.aws.amazon.comAccount and domain dashboard actionsAWS console execution and validation
https://api.cloudflare.comZone and registrar-adjacent configuration payloadsCloudflare DNS and registrar workflow support
https://dash.cloudflare.comRegistrar and account dashboard actionsCloudflare registrar lifecycle tasks
https://domains.googleapis.comCloud Domains API requestsGoogle Cloud Domains operations
https://console.cloud.google.comCloud Domains dashboard actionsGoogle Cloud portfolio management
https://account.squarespace.comAccount and domain dashboard interactionsSquarespace Domains lifecycle actions
https://api.dynadot.comDomain command parametersDynadot API operations
https://porkbun.com/api/json/v3Domain and DNS JSON payloadsPorkbun API lifecycle operations
https://api.name.comDomain, DNS, and transfer payloadsName.com API actions
https://api.gandi.netDomain and DNS JSON payloadsGandi v5 API operations
https://api.ovh.comDomain lifecycle API payloadsOVHcloud domain operations
https://api.opensrs.comReseller domain payloadsTucows OpenSRS operations
https://reseller.enom.com/interface.aspReseller panel interactionsEnom dashboard and reseller lifecycle actions

No other data is sent externally.

Security & Privacy

Data that leaves your machine:

  • Registrar API requests and dashboard session traffic needed for domain lifecycle operations.
  • Domain names, contact metadata, and operation parameters required by selected providers.

Data that stays local:

  • Operational preferences and provider context in ~/domain-registration/.
  • Change history, rollback state references, and incident notes.

This skill does NOT:

  • Execute undeclared endpoints.
  • Approve billing-impacting domain actions without explicit confirmation.
  • Store credentials in skill files.
  • Bypass provider security or anti-abuse controls.

Trust

This skill can send domain lifecycle data to third-party registrar services when the user approves execution. Only install if you trust the selected providers and local credential handling practices.

Related Skills

Install with clawhub install <slug> if user confirms:

  • dns - DNS records, propagation behavior, and incident troubleshooting
  • api - API request design, authentication, and failure handling
  • hosting - Hosting cutovers coordinated with domain and DNS transitions
  • ssl - Certificate validation and HTTPS recovery after DNS or registrar changes
  • infrastructure - Environment architecture and operations runbooks

Feedback

  • If useful: clawhub star domain-registration
  • Stay updated: clawhub sync

Comments

Loading comments...