Domain Name Registration For Agents
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill is coherent for domain registration, but it gives an agent high-impact wallet payment and DNS-changing workflows without clear approval, spending, or rollback limits.
Review carefully before installing. If you use it, use a dedicated low-balance wallet, pin and verify the client package, and require explicit confirmation before any domain purchase, wallet signature, DNS change, nameserver change, or registrant-profile update.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If an agent follows this workflow too freely, it could spend USDC on domain registrations the user did not explicitly approve.
The default workflow includes a paid domain-registration call where payment is handled automatically, but the artifacts do not require an explicit user approval step for price, domain, years, wallet, or network.
# 5. Register domain (payment handled automatically)
domain = client.register_domain("myagent.xyz")
Require a clear confirmation before every paid registration, including the domain, term, total USDC cost, network, wallet address, and whether the action is reversible.
A mistaken or autonomous DNS change could break public services for a domain.
The skill supports DNS record deletion, updates, and nameserver changes, which can affect websites, email, and other services; no approval, preview, rollback, or domain-ownership boundary is described.
client.update_dns("example.xyz", record_id="12345", value="192.0.2.2")
client.delete_dns("example.xyz", record_id="12345")
...
client.set_nameservers("example.xyz", [
Show a DNS diff and require user approval before changes; include rollback instructions and restrict changes to domains the user explicitly selected.
The agent may gain authority over a funded wallet used for payments, creating financial and account-control risk.
The skill creates or uses a local wallet that can hold spendable USDC, but the reviewed metadata declares no primary credential or required config path and the instructions do not define key-protection or spending boundaries.
account = load_or_create_wallet("wallet.json") # Creates if missing
# Fund with USDC on Base network before registering
Use a dedicated low-balance wallet, set explicit spending limits, protect the wallet file, and require user approval before signing or paying.
Registrant contact details may be stored with the provider and reused across future domain registrations.
The skill collects and reuses registrant contact information, including address, email, and phone number; this is expected for ICANN registration but is sensitive personal data.
"name": "Required Name", "street_address": "123 Main St", ... "email": "contact@agentns.xyz", "phone": "+14155551234", ...
- **Registrant profile**: ICANN requires contact info - create once, reused for all domains
Confirm what contact information will be sent, use WHOIS privacy where appropriate, and avoid entering unnecessary personal data.
The safety of the workflow depends on the external package actually installed from PyPI.
The skill depends on an unpinned external PyPI package that was not included in the reviewed artifact set; installing a package is expected for this integration, but it will handle wallet and domain-management actions.
pip install agentns-client # For Solana wallet support: pip install agentns-client[solana]
Verify the package source, pin a trusted version, review its code if possible, and install it in an isolated environment.
