Domain availability API built for AI agents. Check single domains, explore names across .com/.io/.ai/.dev/etc, filter by budget, get smart suggestions. Returns proper JSON/TXT with correct Content-Type headers.
v1.0.5The world's
⭐ 3· 2k·6 current·6 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description and the runtime instructions align: endpoints cover lookup, brainstorming, quoting, purchasing, and management/DNS operations as expected for a domain registrar. Payment flows (Stripe and an on‑chain 'x402' option) and management tokens are described and are coherent with the stated purpose.
Instruction Scope
SKILL.md only instructs normal API calls to the registrar and to save the returned managementToken for later management calls. It does not ask the agent to read arbitrary system files or unrelated credentials. Note: it explicitly tells agents to 'Save the managementToken immediately' — this is expected for a registrar but raises an operational concern about where/how agents store that secret.
Install Mechanism
This is an instruction‑only skill with no install spec and no code files, so there is nothing written to disk or fetched during install — lowest install risk.
Credentials
The skill declares no required environment variables, which is reasonable because management tokens are obtained at runtime. However the metadata sets primaryEnv: any (and registry lists Primary credential: any), which is ambiguous — it could be a placeholder but might confuse automated gating systems. The skill will accept and use bearer management tokens (as returned by purchase flows); those are necessary but are sensitive secrets.
Persistence & Privilege
always is false and there is no install step that modifies other skills or system config. The only persistence implied is that agents may store the managementToken returned by the API; that is typical but should be handled securely by the agent.
Scan Findings in Context
[no-findings] expected: The static regex scanner had no code to analyze (instruction‑only SKILL.md). Absence of findings is expected for an instruction‑only skill; it does not imply the remote service is safe or legitimate.
Assessment
This skill appears to accurately describe a domain registrar API, but verify a few things before using it for sensitive operations: 1) Confirm the service's legitimacy (visit and vet https://clawdaddy.app, check DNS/WHOIS, reviews, or organization info) before paying or storing tokens. 2) Do not store managementToken in plaintext or in logs — treat it as a secret and use the agent's secure credential store. 3) Test with read‑only operations (lookup/brainstorm) first; avoid performing purchases until you're sure the payment endpoints and checkout URLs are legitimate. 4) Be cautious with any crypto payments—confirm the payTo address and transaction requirements out‑of‑band. 5) If you need stronger assurance, ask the skill author for a contact, privacy/terms, and code or API docs hosted on a reputable domain; that would raise confidence from medium to high.Like a lobster shell, security has layers — review code before you run it.
latestvk97fc9rc4mr464yhpmatbgjt6180h87f
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
Primary envany