Subdomain Enumerator
v1.0.0Discovers and enumerates all subdomains associated with a target domain using deep reconnaissance techniques.
⭐ 0· 134·0 current·0 all-time
byToolWeb@krishnakumarmahadevan-cmd
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The skill's name and description match the provided SKILL.md and openapi.json: it documents a remote API for subdomain enumeration. It does not request unrelated binaries, creds, or local access, so the requested footprint is proportionate for a remote API wrapper.
Instruction Scope
The SKILL.md stays within the stated purpose (enumeration via an API) and does not instruct reading local files or environment variables. However it clearly refers to external endpoints (api.mkkpro.com, toolweb.in) and implies sending target domains to those third parties; the SKILL.md does not document any local data collection or other out‑of‑scope actions.
Install Mechanism
No install spec or code is included (instruction-only), so nothing will be written to disk or installed. This is the lowest‑risk installation posture.
Credentials
The skill declares no environment variables or credentials, which is consistent with an API wrapper that may offer a free tier. That said, the SKILL.md references paid plans and API portals but provides no guidance about authentication; an API key or account may be required in practice even though none are declared.
Persistence & Privilege
The skill does not request persistent presence (always is false) and does not ask to modify other skills or system settings. It does not request elevated privileges.
Assessment
This skill is a documentation-only wrapper around a third‑party subdomain enumeration API (toolweb / api.mkkpro). Before installing or invoking it: (1) Confirm you are authorized to scan any domain you send—do not enumerate domains you do not own or have permission to test. (2) Understand that the target domain names (and any data returned) will be sent to external services (api.mkkpro.com / toolweb.in); review their privacy/TOS. (3) Check whether the API actually requires an API key or account (SKILL.md doesn't declare credentials) and verify pricing/quotas. (4) If you plan to enumerate internal or sensitive targets, prefer an in‑house tool or one you control rather than a third‑party service. If you want higher assurance, ask the publisher for the server base URL and auth requirements or request source code / provenance.Like a lobster shell, security has layers — review code before you run it.
latestvk978f282f24rs696a30f2z9nmh8388er
License
MIT-0
Free to use, modify, and redistribute. No attribution required.