Domain Name Registration For Agents

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it can spend real USDC to register domains and change live DNS without clear approval guardrails.

Install only if you are comfortable letting an agent use a dedicated low-balance wallet for domain purchases and DNS administration. Pin and review the external client package, keep wallet files protected, confirm every domain, price, term, DNS record, and nameserver change before execution, and keep a backup of existing DNS settings for rollback.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill enables high-impact external actions—domain registration, DNS modification, and nameserver changes—that can incur irreversible costs or break service ownership/routing, but it does not instruct the agent to obtain explicit user confirmation immediately before performing them. In an agent context, this creates a real risk of unauthorized purchases, service disruption, traffic hijacking, or accidental lockout if the model acts on ambiguous prompts or inferred intent.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal