Domain Trust Check

Pass

Audited by ClawScan on May 1, 2026.

Overview

This is a straightforward URL reputation checker. The main consideration is that checked URLs are sent to Outtake and that the skill requires an Outtake API key.

This skill appears safe and purpose-aligned for checking suspicious links. Before installing or using it, make sure you are comfortable sending checked URLs to Outtake, protect the OUTTAKE_API_KEY, and only provide optional registration fields such as a wallet address if you actually need the related bounty functionality.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the API key is exposed, someone else may be able to use the user's Outtake access or quota.

Why it was flagged

The skill requires a bearer API key for Outtake access. This is expected for the service integration, but it is still account-linked credential material.

Skill content

"requires": { "env": ["OUTTAKE_API_KEY"], "bins": ["curl"] } ... Authorization: Bearer $OUTTAKE_API_KEY

Recommendation

Store OUTTAKE_API_KEY in a secure environment or secret manager, avoid pasting it into chats or logs, and rotate it if it is exposed.

What this means

Outtake can receive and process the full URLs being checked, which may include private paths, invite links, tracking IDs, or query-string tokens.

Why it was flagged

The skill sends URLs, including potentially email/message links, to an external provider for reputation checking. This is central to the skill's purpose and is clearly disclosed.

Skill content

Use when: ... scanning links in emails/messages ... curl -s -X POST https://app.outtake.ai/api/v1/trust/check ... -d '{"url": "https://suspicious-site.com"}'

Recommendation

Avoid submitting sensitive internal or tokenized URLs unless that data sharing is acceptable; strip unnecessary query parameters when possible.