ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

mcp-domain-intel

v1.0.0

Domain intelligence — WHOIS lookups and domain availability checks via L402 API. Use for brand research, cybersecurity investigations, and domain acquisition...

0· 11·0 current·0 all-time
by@haveblue997
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The code implements two MCP tools that call a remote API to perform domain lookup and availability checks, which matches the declared purpose. Dependencies (MCP SDK, zod) and required binary (npx) are reasonable for an MCP server packaged as an npm tool.
!
Instruction Scope
SKILL.md declares different tool names (whois_lookup / check_availability) while the code exposes 'lookup' and 'available'. SKILL.md and README instruct using an env var named L402_API_BASE_URL, but the code reads NAUTDEV_BASE_URL (and falls back to https://api.nautdev.com). Because the runtime instructions and examples don't match the actual binary's expectations, an agent following SKILL.md may misconfigure the service or unknowingly use the default endpoint.
Install Mechanism
This is an instruction-only skill with shipped package source files; it expects to be run with npx which will fetch the package from the npm registry. That's a common install pattern (moderate risk). There are no downloads from arbitrary URLs or extract operations in the manifest.
!
Credentials
The skill declares L402_API_BASE_URL as a required env var in SKILL.md, but the code uses NAUTDEV_BASE_URL (and defaults to api.nautdev.com). This mismatch means the declared required env var is ineffective and could lead the agent to believe it has configured a custom endpoint when the code ignores it. No secrets or unrelated credentials are requested, which is appropriate.
Persistence & Privilege
The skill does not request permanent presence (always:false), does not modify other skills or system config, and doesn't require elevated privileges. Autonomous invocation is allowed (platform default) but not combined here with broad privileges.
What to consider before installing
This skill's purpose (WHOIS and availability checks) is consistent with the code, but there are clear mismatches you should resolve before installing: - SKILL.md/README ask you to set L402_API_BASE_URL, but the program actually reads NAUTDEV_BASE_URL and otherwise defaults to https://api.nautdev.com. If you intend to point the tool at a private L402 endpoint, set NAUTDEV_BASE_URL instead (or verify the package behavior). - Tool names differ between the docs (whois_lookup / check_availability) and the code (lookup / available). Make sure the agent will call the correct tool names. - The package naming in docs (different author/namespace variants) is inconsistent; verify the exact npm package you will run (e.g., @vbotholemu/mcp-domain-intel) and inspect its npm publisher and repository before running via npx. Recommendations before installing: - Inspect the package on the npm registry (publisher, versions, README, repository) and preferably the source repo to confirm origin and integrity. - Test in an isolated environment; run the binary with NAUTDEV_BASE_URL pointed to a known test endpoint to confirm behavior. - Do not provide secrets or payment credentials to this skill until you confirm the service's billing/micropayment model and trust the publisher. If the publisher/repo is not verifiable or these inconsistencies are not corrected, treat the skill as untrusted.
dist/index.js:7
Environment variable access combined with network send.
src/index.ts:7
Environment variable access combined with network send.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk9736ffpk14t2ejv4a9fjcykb98400pw

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔍 Clawdis
Binsnpx
EnvL402_API_BASE_URL

SKILL.md

Domain Intel (L402)

WHOIS lookups and domain availability checks — fast domain intelligence for agents.

Setup

{
  "mcpServers": {
    "domain-intel": {
      "command": "npx",
      "args": ["-y", "@vbotholemu/mcp-domain-intel"],
      "env": {
        "L402_API_BASE_URL": "https://api.nautdev.com"
      }
    }
  }
}

Tools

whois_lookup

Full WHOIS/DNS intelligence for a domain.

ParameterTypeRequiredDescription
domainstringyesDomain to look up

check_availability

Check if a domain is available for registration.

ParameterTypeRequiredDescription
domainstringyesDomain to check

When to Use

  • Brand protection and monitoring
  • Domain acquisition research
  • Cybersecurity investigations
  • Competitor analysis

Files

7 total
Select a file
Select a file to preview.

Comments

Loading comments…