Domain WHOIS Lookup

v1.0.7

Look up domain WHOIS information, check email security (DMARC/SPF/DKIM), inspect TLS certificates, and capture website screenshots. Provides a comprehensive,...

by Derek Chan @sxlderek

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for sxlderek/domaininfo.

Install the skill "Domain WHOIS Lookup" (sxlderek/domaininfo) from ClawHub.
Skill page: https://clawhub.ai/sxlderek/domaininfo
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install domaininfo

ClawHub CLI


npx clawhub@latest install domaininfo

Security Scan

VirusTotal: Benign
OpenClaw: Benign (high confidence)

Purpose & Capability
The declared skill purpose (WHOIS/DNS/DMARC/SPF/DKIM/TLS + optional screenshots) matches the instructions and included screenshot helper. However, registry metadata lists no required binaries while SKILL.md and references/setup.md expect system tools (whois, dig, openssl). README also claims IDN→Punycode conversion but SKILL.md doesn't specify conversion steps — a documentation/metadata mismatch that should be corrected.
Instruction Scope
Runtime instructions are narrowly scoped to domain analysis: extract/validate domain, run whois/dig/openssl via safe exec, fetch IP country codes via ipinfo.io, check DNS TXT for DMARC/SPF/DKIM, and optionally take a screenshot only when tooling exists. The skill includes specific guards against command injection, path traversal, and timeout requirements.
Install Mechanism
This is an instruction-only skill (no install spec). The only code is an optional Node script that safely skips when Playwright/Chromium are absent. No downloads from external URLs or install steps are included, so install risk is low.
Credentials
The skill requests no credentials and the script only reads an optional DOMAININFO_SCREENSHOT_DEBUG env var. It does, however, rely on external system binaries (whois, dig, openssl) and makes outbound web_fetch calls to ipinfo.io for geolocation. Those external calls are consistent with the stated purpose but are not declared in the registry metadata — this mismatch should be fixed. No secret exfiltration mechanisms are present.
Persistence & Privilege
The skill does not request always:true, does not require persistent system-wide changes, and contains no code that modifies other skills or global agent configuration. Optional screenshot files are written only under the skill directory with path checks in place.
Assessment
This skill appears coherent and not malicious, but check these before installing: (1) Ensure the runtime provides the required system binaries (whois, dig, openssl) if you want full functionality — the registry metadata currently omits them. (2) The skill will make outbound requests to ipinfo.io for IP geolocation (no credentials required); if you want to avoid external calls, don't enable the skill. (3) Screenshots are optional and only attempted when browser tooling or Node+Playwright+Chromium are already present; the included script safely skips if those are missing. (4) There's a minor mismatch about IDN/Punycode handling in the README vs SKILL.md — if you rely on internationalized domains, ask the author to clarify how conversion is performed. If any of these behaviors are unacceptable, don't install or ask the publisher to correct the metadata/instructions first.

Like a lobster shell, security has layers — review code before you run it.

latest vk972q2nsn7cmnf337963qq2njh83ekh1
203 downloads
0 stars
11 versions
Updated 1mo ago
v1.0.7
MIT-0

domaininfo

Look up domain WHOIS information and (optionally) capture website screenshots.

When to Use

When the user types whois <domain> or whois <url> or whois <email>:

  • Strip any https://, http://, www. prefixes
  • If input contains @, extract the domain part after @ (e.g., user@example.com → example.com)

Security Considerations

  • Input validation: After extracting the domain, only allow alphanumeric, hyphen, and dot characters. Reject anything else.
  • Command injection prevention: Never interpolate user input directly into shell strings. Prefer argument arrays / safe libraries.
  • Timeouts: Every external call must have a bounded timeout (e.g., 10s for WHOIS/DNS, 10s for TLS).
  • Error handling: On failure, return a generic user-friendly message and keep details internal.
  • Output sanitization: Build the final message as a single string before sending; never send partial responses.
  • File-system safety: If writing screenshots, restrict writes to a known directory under the skill folder and verify paths stay within it.
  • Rate-limiting & caching: Cache IP-to-country lookups briefly to avoid hammering external services.

Workflow (Strict Buffer-First — SAFE EXECUTION)

CRITICAL: Zero output until everything is ready. No progress messages.

Phase 1 — Silent Buffer with Validation

  1. Extract & validate domain
    • Strip https://, http://, www. prefixes.
    • If input contains @, take the part after @.
    • Validate with regex ^[a-z0-9.-]+$ (case-insensitive).
    • If invalid, abort and return “❌ Invalid domain”.
  2. WHOIS: run whois via safe exec with timeout (10s). Store registrar data.
  3. DNS: run dig for A, AAAA, NS, MX via safe exec with timeout (10s). Store results.
  4. IP Geolocation (Country Code)
    • For each IP from A/AAAA and resolved NS/MX hostnames:
      • Query https://ipinfo.io/{IP}/country using web_fetch with timeout (5s).
      • Store the returned 2-letter country code.
  5. Email Security (DMARC/SPF/DKIM)
    • DMARC: query TXT for _dmarc.<domain>
    • SPF: query TXT for <domain> and extract the string containing v=spf1 (parse in code; avoid shell pipelines)
    • DKIM: query TXT for common selectors (default, google, selector1)
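
Phase 1 steps 1, 3 and 5 sketched in Node.js, as an added example that is not the skill's own code. All function names are hypothetical, and the per-label hostname check is an assumption that goes beyond the page's regex: `^[a-z0-9.-]+$` alone accepts a leading hyphen, which a CLI tool could read as an option even when arguments are passed as an array.

```javascript
// Added example (not from the skill). Function names are hypothetical.
const { execFile } = require("node:child_process");

// Step 1: strip scheme, path, mailbox part and www., then validate.
function extractDomain(input) {
  let d = String(input).trim().toLowerCase();
  d = d.replace(/^https?:\/\//, "").split(/[/?#]/)[0];
  if (d.includes("@")) d = d.slice(d.lastIndexOf("@") + 1);
  d = d.replace(/^www\./, "");
  if (d.length > 253 || !/^[a-z0-9.-]+$/.test(d)) return null; // the page's allow-list
  // Assumption beyond the page: hostname label rules, so a value such as
  // "-h.example.com" can never reach whois/dig looking like an option.
  const labels = d.split(".");
  const valid = labels.length >= 2 && labels.every(
    (l) => l.length >= 1 && l.length <= 63 && !l.startsWith("-") && !l.endsWith("-"));
  return valid ? d : null;
}

// Steps 2-3: argument array, no shell, bounded timeout and output size.
function runTool(bin, args, timeoutMs = 10000) {
  return new Promise((resolve) => {
    execFile(bin, args, { timeout: timeoutMs, maxBuffer: 1 << 20 },
      (err, stdout) => resolve(err ? null : stdout)); // error details stay internal
  });
}

// Step 5: pick the SPF record out of `dig +short TXT` output in code.
// One TXT record may be split into several quoted strings; they concatenate.
function parseSpf(digShortOutput) {
  for (const line of digShortOutput.split("\n")) {
    const chunks = line.match(/"((?:[^"\\]|\\.)*)"/g);
    if (!chunks) continue;
    const txt = chunks.map((c) => c.slice(1, -1)).join("");
    if (/^v=spf1(\s|$)/i.test(txt)) return txt;
  }
  return null;
}

async function lookupSpf(input) {
  const domain = extractDomain(input);
  if (!domain) return "❌ Invalid domain";
  const out = await runTool("dig", ["+short", domain, "TXT"]);
  return out === null ? "Lookup failed" : parseSpf(out);
}
```
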

Phase 2 — Optional Screenshot + TLS

Screenshot (ONLY if screenshot tooling is already available)

Only attempt a website screenshot if one of the following is already available in this runtime:

  • OpenClaw browser tool (preferred): use the browser tool to navigate to the site and take a screenshot.
  • Bundled Playwright script: scripts/domain-screenshot.js (only if Node + Playwright + a Chromium runtime are already installed).

If neither is available (missing tool / missing module / missing browser runtime), skip the screenshot silently and continue the report.
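
One way to implement the file-system safety rule from Security Considerations for screenshot writes, as an added example that is not the bundled script. The `screenshots` subdirectory and the function name are assumptions.

```javascript
// Added example (not from the skill). Layout and names are hypothetical.
const fs = require("node:fs");
const path = require("node:path");

// Returns an absolute path inside <skillDir>/screenshots, or null if the
// requested name could place the write anywhere else.
function safeScreenshotPath(skillDir, fileName) {
  // Accept a bare file name only: no separators, no absolute paths.
  if (typeof fileName !== "string" || path.basename(fileName) !== fileName) return null;

  // Resolve symlinks first, so a linked "screenshots" directory cannot
  // redirect writes outside the skill folder.
  const root = fs.realpathSync(skillDir);
  const base = fs.realpathSync(path.join(skillDir, "screenshots"));
  if (!base.startsWith(root + path.sep)) return null;

  // Containment check on the final path ("" and ".." pass the basename test).
  const target = path.resolve(base, fileName);
  const rel = path.relative(base, target);
  if (rel === "" || rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel)) {
    return null;
  }

  // Refuse to write through a symlink already sitting at the target.
  try {
    if (fs.lstatSync(target).isSymbolicLink()) return null;
  } catch {
    // Target does not exist yet: nothing to follow.
  }
  return target;
}
```
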

TLS/SSL Check (if HTTPS)

  • Fetch certificate info with openssl (timeout 10s).
  • Extract: certificate issuer and expiry date.
  • If it fails or times out, note “TLS check failed” but continue.

Phase 3 — Single Final Output

  • If a screenshot was successfully captured, send it via the message tool.
  • Send the final WHOIS + DNS + Email Security + TLS summary in one message only.

Send Screenshot (SINGLE SEND ONLY)

Use message tool with action=send and filePath:

{
  "action": "send",
  "caption": "domain.com screenshot",
  "filePath": "domain-screenshot.png"
}

Do NOT also implement provider-API fallbacks (e.g., raw HTTP requests). If message sending fails, report failure rather than double-sending.

Setup Notes

  • This skill does not include step-by-step installation instructions for Playwright/Chromium.
  • Screenshot is an optional enhancement and must be skipped if screenshot tooling is not already present.
  • See references/setup.md for non-invasive environment notes.
