Is abtdomain/domain safe?

https://github.com/openclaw/skills/tree/main/skills/abtdomain/domain

81
SAFE

DomainKits is a legitimate commercial domain intelligence skill with no malicious installation behavior, prompt injection, or local data exfiltration. The skill itself is documentation-only, installs cleanly from GitHub, and left all canary honeypot files untouched. The primary risk is architectural: every domain query, business analysis, and user preference is transmitted to and stored by the domainkits.com service operator, creating a detailed third-party record of the user's domain research and business strategy. Affiliate link monetization is disclosed, but the agent is instructed to always surface these links, making the agent a passive revenue channel for the skill author.

Category Scores

Prompt Injection 88/100 · 30%
Data Exfiltration 62/100 · 25%
Code Execution 83/100 · 20%
Clone Behavior 92/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 72/100 · 5%

Findings (6)

MEDIUM All user queries routed to third-party external API -25

Every domain search, WHOIS lookup, DNS query, availability check, and market trend analysis is transmitted to api.domainkits.com. The service operator has complete visibility into user domain research activities, including potentially confidential brand research, competitive intelligence, and business acquisition planning. There is no mechanism for the user to verify what data the service retains or how long it is kept.

MEDIUM Persistent user strategy and preference data stored on external servers -13

The set_preferences, set_strategy, and set_monitor tools explicitly upload user TLD preferences, budget ranges, domain investment strategies, and monitoring targets to domainkits.com's servers. This creates a durable profile of the user's domain business interests that persists beyond the session and is controlled by the skill author's infrastructure.

LOW Agent instructed to always surface affiliate-tracked registration links -12

The skill's output rules mandate that the agent always display register_url for available domains. These links are disclosed as affiliate links, but the instruction causes the agent to consistently recommend monetized registration paths regardless of whether better alternatives exist. The agent is being instrumentalized as an affiliate marketing channel.

LOW Runtime npx execution introduces unpinned npm dependency -17

The skill instructs users and agents to invoke 'npx mcporter' at runtime, which fetches and executes the mcporter package from the npm registry. The package version is not pinned in any lockfile within the skill, meaning a compromised or updated mcporter package could affect agent behavior at runtime without triggering a skill update.

LOW Confidential business research exposed via brand_match and strategy workflows -28

Workflows like brand_match ('Brand conflict detection with trademark links') and expired_analysis ('Due diligence for expired domains') are designed for sensitive business use cases — evaluating brand conflicts before product launches, assessing domain acquisition targets. Running these through a third-party API service exposes material non-public business research to the skill author's infrastructure.

INFO Repository ownership changed between versions with missing version history -8

The skill's earliest recorded version (1.0.2) references a commit at github.com/clawdbot/skills, while all later versions (1.0.7+) reference github.com/openclaw/skills. Versions 1.0.3 through 1.0.6 are absent from the history. This indicates either an account rename or a skill transfer. The gap in version history prevents auditing what changed in those intermediate releases.