Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Domain Check
v1.0.0
Check domain availability via Vercel and buy/manage domains via Vercel CLI
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The name/description match the SKILL.md: it uses the Vercel CLI and Vercel Registrar API to check availability and buy domains. However, the skill does not declare any required credentials or env vars even though the instructions clearly require a Vercel token/team ID and CLI authentication. That omission is a material inconsistency.
Instruction Scope
The SKILL.md explicitly instructs the agent to read the Vercel CLI auth file (~/.local/share/com.vercel.cli/auth.json) and config (~/.local/share/com.vercel.cli/config.json) or to use a VERCEL_TOKEN/VERCEL_TEAM_ID env var. It also demonstrates exec(...) calls (including interactive buys with pty:true) and curl POSTs that would actually purchase domains. These instructions access local credential files and allow high-impact actions (purchasing domains) that are not declared in the skill metadata.
Install Mechanism
There is no install spec and no code files; this instruction-only approach minimizes disk-write risk. However, the instructions assume external tooling (npx, jq, curl, Vercel CLI) that the environment must have, which is not declared in required binaries.
Credentials
The skill requires a Vercel token and (optionally) a team ID to operate, and it demonstrates reading those from local files — yet requires.env and primary credential are empty. It also references jq, npx and curl but none are listed as required binaries. Requesting or reading tokens is expected for this purpose, but failing to declare them is a proportionality/visibility problem and increases risk of accidental credential access/exfiltration.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system configs. It can invoke interactive commands (buy flows), which is normal for its purpose, but that capability combined with undeclared credential access raises risk — the permission model is otherwise standard.
What to consider before installing
This skill appears to be functionally what it claims (Vercel domain checks and buys) but the runtime instructions expect access to your Vercel CLI token and team config files (or VERCEL_TOKEN / VERCEL_TEAM_ID) even though the skill metadata lists no required credentials. Before installing or enabling this skill:
1) Verify the skill source and trustworthiness (there is no homepage and the owner is unknown).
2) Be cautious about giving the agent filesystem access or allowing autonomous runs that could read ~/.local/share/com.vercel.cli/auth.json and use that token.
3) Ensure npx, jq, curl and the Vercel CLI are present if you intend to use it; confirm the skill declares those requirements or run it in a restricted environment.
4) If you don't want accidental purchases, disallow interactive execs or require manual confirmation for any buy/POST operations.
5) Demand that the skill metadata be updated to declare the VERCEL_TOKEN/VERCEL_TEAM_ID requirements (or explicitly state that it will read the Vercel CLI files) so you can make an informed permission decision.
Like a lobster shell, security has layers — review code before you run it.
