Is gregm711/agentdomainservice safe?

https://github.com/openclaw/skills/tree/main/skills/gregm711/agentdomainservice

96
SAFE

This is a documentation-only skill for domain registration API integration with no executable code or data exfiltration attempts. The primary risk is potential financial impact if agents misuse the documented purchase APIs.

Category Scores

Prompt Injection 92/100 · 30%
Data Exfiltration 100/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 85/100 · 5%

Findings (2)

LOW Detailed API guidance could influence agent behavior -8

The skill provides extensive API documentation with specific endpoint instructions, authentication methods, and workflow examples that could strongly guide an agent to make external HTTP requests to clawdaddy.app services.

MEDIUM Potential for unintended financial transactions -15

The skill documents domain purchase APIs that involve real money transactions (USDC, credit cards). If an agent misinterprets user intent, it could initiate costly domain registrations.