Domain Trust Check

v1.2.2

URL safety scanner and domain reputation checker. Use when: checking if a URL is safe before visiting, scanning links in emails/messages, verifying domains f...

⭐ 1· 735·1 current·1 all-time

byhola@jamesouttake

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for jamesouttake/domain-trust-check.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "Domain Trust Check" (jamesouttake/domain-trust-check) from ClawHub.
Skill page: https://clawhub.ai/jamesouttake/domain-trust-check
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: OUTTAKE_API_KEY
Required binaries: curl
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install domain-trust-check

ClawHub CLI

Package manager switcher

npx clawhub@latest install domain-trust-check

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

The name/description (URL safety / domain reputation) align with the declared requirements: curl and OUTTAKE_API_KEY. All endpoints referenced are under app.outtake.ai and the included reference doc documents the same API surfaces. No unrelated services, binaries, or config paths are requested.

✓

Instruction Scope

SKILL.md contains concrete curl examples for single and batch checks and a small registration flow to obtain OUTTAKE_API_KEY. It does not instruct the agent to read arbitrary files, credentials, or other environment variables, nor does it direct data to endpoints outside Outtake. Note: URLs (which may contain sensitive tokens) are sent to the third‑party Outtake API as intended by the skill.

✓

Install Mechanism

No install spec or code to download — the skill is instruction-only and relies on existing curl being present. This is the lowest-risk install model and matches the declared required binary.

✓

Credentials

Only a single API credential (OUTTAKE_API_KEY) is required and is justified by the documented Bearer auth. No unrelated secrets, keys, or config paths are requested. The SKILL.md uses that same environment variable and does not reference other undeclared env vars.

✓

Persistence & Privilege

always is false (not force-included) and model invocation is allowed (platform default). The skill does not request persistent system changes, does not modify other skills, and does not require elevated privileges. Autonomous invocation is normal and not by itself a concern here.

Assessment

This skill is coherent with its stated purpose: it sends URLs to Outtake's trust API using your OUTTAKE_API_KEY. Before installing, confirm you trust Outtake (app.outtake.ai) because every URL you check will be transmitted to that third party and may be logged. Do not submit URLs that contain sensitive tokens or credentials. Store the OUTTAKE_API_KEY securely (use a dedicated key for this agent if possible) and be mindful of the documented rate limits and any privacy/policy terms on Outtake. If you need offline or private scanning, this skill is not suitable because it relies on an external service.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🛡️ Clawdis

Binscurl

EnvOUTTAKE_API_KEY

Primary envOUTTAKE_API_KEY

latestvk970526be9tdndvz2aevqddxms826a6r

735downloads

1stars

7versions

Updated 1mo ago

v1.2.2

MIT-0

Domain Trust Check

Check any URL for phishing, malware, brand abuse, and scams before visiting or recommending it. Powered by the Outtake Trust API.

Quick Start

Already registered? If OUTTAKE_API_KEY is set, skip to the curl command. Do not re-register.

curl -s -X POST https://app.outtake.ai/api/v1/trust/check \
  -H "Authorization: Bearer $OUTTAKE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"url": "https://suspicious-site.com"}'
# → {"data": {"url": "...", "verdict": "malicious", "confidence": 0.92, "safe_to_visit": "unsafe", "recommended_action": "block", ...}}

Registration

One-time setup. The same key works across all Outtake skills.

curl -s -X POST https://app.outtake.ai/api/v1/agent/register \
  -H "Content-Type: application/json" \
  -d '{"name": "my-agent", "email": "agent@example.com"}'

Save the returned api_key — it is only shown once:

export OUTTAKE_API_KEY="outtake_..."

Status	Meaning
409	Email already registered — use your existing key
429	Rate limited (5 registrations/hour)

Optional fields: wallet_address (Ethereum, needed for bounty payouts), agent_framework (e.g. "langchain").

Interpreting Results

verdict	safe_to_visit	Action
`malicious`	`unsafe`	Block. Do NOT visit. Warn the user.
`suspicious`	`safe` or `unsafe`	Warn the user. If `unsafe`, treat as malicious.
`safe`	`safe`	Safe to visit.
`unknown`	`unknown`	No data. Proceed with caution.

Confidence: 1.0 = human-reviewed, 0.7–0.99 = ML classification, 0.0 = no data.

Batch Checking

Check up to 50 URLs in one request using POST /trust/check-batch:

curl -s -X POST https://app.outtake.ai/api/v1/trust/check-batch \
  -H "Authorization: Bearer $OUTTAKE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"urls": ["https://link1.com", "https://link2.com"]}'

Use batch when checking 3+ URLs to reduce round trips. Requests with more than 50 URLs return 400.

Related Skills

outtake-bounty-network — Earn $5 USDC per verified malicious domain. Scan with trust-check, then submit confirmed threats. Same API key.

Support

Questions or feedback? Email trust-check@outtake.ai

Comments

Loading comments...