Domain Monitor
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill appears consistent with its domain-monitoring purpose, with only expected local command use and a small local watchlist file to notice.
Before installing, be comfortable with the agent running local whois and openssl checks for domains you provide and storing the watchlist in ~/.domain_monitor.json. No evidence of hidden exfiltration, credential use, destructive behavior, or background persistence was found.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running checks may contact WHOIS services and the target domain's TLS endpoint for domains the user asks to monitor.
The skill invokes local WHOIS and OpenSSL tools using the provided domain. This is expected for domain monitoring and uses argument lists rather than shell execution, but users should know the agent may run these local tools.
subprocess.run(["whois", domain], ...); subprocess.run(["openssl", "s_client", "-connect", f"{domain}:443", "-servername", domain], ...)Use normal domain names you intend to monitor and ensure the local whois and openssl binaries are trusted.
If the local system tools are missing or replaced by untrusted binaries, checks could fail or behave unexpectedly.
The skill depends on preinstalled system binaries and has no installer. This is appropriate for the purpose, but the behavior depends on the user's local versions of those tools.
"requires": { "bins": ["python3", "whois", "openssl"] }, "install": []Install whois and openssl from trusted OS package sources and keep them updated.
The local file may reveal which domains the user monitors, which could be business-sensitive in some cases.
The script persists the monitored domain list and last-check timestamps in a local JSON file for later reuse.
DATA_FILE = os.path.expanduser("~/.domain_monitor.json")Treat ~/.domain_monitor.json as local monitoring data and delete it if you stop using the skill or no longer want the watchlist retained.