Domain Trust Check

URL safety scanner and domain reputation checker. Use when: checking if a URL is safe before visiting, scanning links in emails/messages, verifying domains f...

MIT-0 · Free to use, modify, and redistribute. No attribution required.

⭐ 1 · 362 · 0 current installs · 0 all-time installs

byhola@jamesOuttake

MIT-0

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

The name/description (URL safety / domain reputation) align with the declared requirements: curl and OUTTAKE_API_KEY. All endpoints referenced are under app.outtake.ai and the included reference doc documents the same API surfaces. No unrelated services, binaries, or config paths are requested.

✓

Instruction Scope

SKILL.md contains concrete curl examples for single and batch checks and a small registration flow to obtain OUTTAKE_API_KEY. It does not instruct the agent to read arbitrary files, credentials, or other environment variables, nor does it direct data to endpoints outside Outtake. Note: URLs (which may contain sensitive tokens) are sent to the third‑party Outtake API as intended by the skill.

✓

Install Mechanism

No install spec or code to download — the skill is instruction-only and relies on existing curl being present. This is the lowest-risk install model and matches the declared required binary.

✓

Credentials

Only a single API credential (OUTTAKE_API_KEY) is required and is justified by the documented Bearer auth. No unrelated secrets, keys, or config paths are requested. The SKILL.md uses that same environment variable and does not reference other undeclared env vars.

✓

Persistence & Privilege

always is false (not force-included) and model invocation is allowed (platform default). The skill does not request persistent system changes, does not modify other skills, and does not require elevated privileges. Autonomous invocation is normal and not by itself a concern here.

Assessment

This skill is coherent with its stated purpose: it sends URLs to Outtake's trust API using your OUTTAKE_API_KEY. Before installing, confirm you trust Outtake (app.outtake.ai) because every URL you check will be transmitted to that third party and may be logged. Do not submit URLs that contain sensitive tokens or credentials. Store the OUTTAKE_API_KEY securely (use a dedicated key for this agent if possible) and be mindful of the documented rate limits and any privacy/policy terms on Outtake. If you need offline or private scanning, this skill is not suitable because it relies on an external service.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.2.2

Download zip

latestvk970526be9tdndvz2aevqddxms826a6r

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🛡️ Clawdis

Binscurl

EnvOUTTAKE_API_KEY

Primary envOUTTAKE_API_KEY

SKILL.md

Domain Trust Check

Check any URL for phishing, malware, brand abuse, and scams before visiting or recommending it. Powered by the Outtake Trust API.

Quick Start

Already registered? If OUTTAKE_API_KEY is set, skip to the curl command. Do not re-register.

curl -s -X POST https://app.outtake.ai/api/v1/trust/check \
  -H "Authorization: Bearer $OUTTAKE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"url": "https://suspicious-site.com"}'
# → {"data": {"url": "...", "verdict": "malicious", "confidence": 0.92, "safe_to_visit": "unsafe", "recommended_action": "block", ...}}

Registration

One-time setup. The same key works across all Outtake skills.

curl -s -X POST https://app.outtake.ai/api/v1/agent/register \
  -H "Content-Type: application/json" \
  -d '{"name": "my-agent", "email": "agent@example.com"}'

Save the returned api_key — it is only shown once:

export OUTTAKE_API_KEY="outtake_..."

Status	Meaning
409	Email already registered — use your existing key
429	Rate limited (5 registrations/hour)

Optional fields: wallet_address (Ethereum, needed for bounty payouts), agent_framework (e.g. "langchain").

Interpreting Results

verdict	safe_to_visit	Action
`malicious`	`unsafe`	Block. Do NOT visit. Warn the user.
`suspicious`	`safe` or `unsafe`	Warn the user. If `unsafe`, treat as malicious.
`safe`	`safe`	Safe to visit.
`unknown`	`unknown`	No data. Proceed with caution.

Confidence: 1.0 = human-reviewed, 0.7–0.99 = ML classification, 0.0 = no data.

Batch Checking

Check up to 50 URLs in one request using POST /trust/check-batch:

curl -s -X POST https://app.outtake.ai/api/v1/trust/check-batch \
  -H "Authorization: Bearer $OUTTAKE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"urls": ["https://link1.com", "https://link2.com"]}'

Use batch when checking 3+ URLs to reduce round trips. Requests with more than 50 URLs return 400.

Related Skills

outtake-bounty-network — Earn $5 USDC per verified malicious domain. Scan with trust-check, then submit confirmed threats. Same API key.

Support

Questions or feedback? Email trust-check@outtake.ai

Files

2 total

Select a file

Select a file to preview.

Comments

Loading comments…