🌐 Domain Registration — 域名注册管理
v1.0.0集成主流注册商 API 与面板,支持域名注册、转移、续费与安全保护,内置服务商专属工作流与回滚机制,保障操作安全可逆。
0· 275·1 当前·1 累计
by 下载技能包
最后更新
2026/3/5
安全扫描
OpenClaw
安全
high confidenceNULL
评估建议
This skill appears to be what it says: a set of playbooks and checklists for registrar APIs and dashboard flows that will create a ~/domain-registration/ directory to store operational notes and logs. Before installing or using it: 1) Decide where you'll keep registrar API credentials (do not store them in the memory files the skill creates); 2) Be prepared to approve any billing actions manually — the skill emphasizes ask-first for purchases/transfers; 3) Back up current DNS/WHOIS state before ...详细分析 ▾
✓ 用途与能力
The name/description match the requested capabilities. Required binaries (curl, jq, dig, whois) are appropriate for registrar API calls, JSON parsing, DNS checks, and WHOIS lookups. Provider coverage and playbooks align with the stated purpose. One minor mismatch: example CLI snippets reference placeholders like ${PROVIDER_TOKEN} and ${PROVIDER_API} even though the skill declares no required env vars; this appears to be placeholders for runtime-supplied credentials rather than unexpected secrets requests.
✓ 指令范围
SKILL.md and the included playbooks limit actions to provider API/dashboard interactions, DNS validation, and local audit files in ~/domain-registration/. The instructions explicitly gate billing/ownership writes with user confirmation and instruct the agent not to store raw credentials in memory files. There are no instructions to read unrelated system files or exfiltrate data to unknown endpoints. Note: the skill includes curl examples that assume provider tokens/URLs will be supplied at runtime; ensure those tokens are provided securely and not written into the skill's memory files.
✓ 安装机制
Instruction-only skill with no install spec or remote downloads; nothing is written by an installer and no external packages are pulled. This is low-risk from an installation standpoint.
ℹ 凭证需求
The skill declares no required environment variables or primary credential, but the documentation clearly expects provider API credentials/auth models (API keys, tokens, IAM roles) for many actions. This is not necessarily malicious — it appears to expect credentials to be supplied interactively or via the user's normal credential management — but the skill does not declare or manage those secrets itself. Users should confirm how and where they will provide API keys (environment, secret manager, or manual dashboard use) and avoid storing raw tokens in the ~/domain-registration/ files as the docs advise.
✓ 持久化与权限
The skill is not always-enabled, can be invoked by the user, and is allowed autonomous invocation (platform default). It writes operational state under a dedicated ~/domain-registration/ directory, which is appropriate for its function. It does not request system-wide privileges or modify other skills. There is no indication of excessive persistence requirements.
安全有层次,运行前请审查代码。
运行时依赖
🖥️ OSLinux · macOS · Windows
版本
latestv1.0.02026/3/5
NULL
● 无害
安装命令
点击复制官方npx clawhub@latest install domain-registration
镜像加速npx clawhub@latest install domain-registration --registry https://cn.longxiaskill.com