v1.0.0

IntoDNS

Benign

ClawScan verdict for this skill. Analyzed May 1, 2026, 4:55 AM.

Analysis

This instruction-only skill coherently scans user-specified domains through the public IntoDNS.ai API, with no code, installs, credentials, or persistence.

Guidance: This skill appears safe for its stated purpose. Before using it, understand that the domain you ask about is submitted to IntoDNS.ai and that generated reports and badge links point back to that service.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Low, Confidence: High, Status: Note
SKILL.md
Extract the domain from the user's request... The input should be a bare domain like `example.com`.

```bash
curl -s "https://intodns.ai/api/scan/quick?domain=DOMAIN"
```

The skill uses a shell command with a user-supplied domain and sends that domain to an external API. The behavior is disclosed and central to DNS scanning, and the instructions include domain validation, so this is a notice rather than a concern.

User impact: The domain you ask to scan will be sent to IntoDNS.ai, and the agent should keep the input to a valid bare domain before running the curl command.
Recommendation: Only scan domains you are comfortable sharing with IntoDNS.ai, and provide plain domain names such as example.com rather than arbitrary shell text or full URLs.