← Back to Skills Marketplace

ip-lookup

Name: ip-lookup
Author: michaelzhangty

by MichaelZhangty · GitHub ↗ · v1.0.1 · MIT-0

cross-platform ✓ Security Clean

334

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install ip-lookup

Description

Lookup IP address or hostname details including geolocation, ASN/ISP, reverse DNS, RDAP/WHOIS network info, and optional AbuseIPDB reputation check without A...

README (SKILL.md)

IP Lookup

Zero-dependency network intelligence for any IP address or hostname. Combines four data sources into one clean terminal report: geolocation, reverse DNS, RDAP/WHOIS network block info, and optional AbuseIPDB reputation check.

No pip install required. Uses only Python 3 stdlib (urllib, socket, json, argparse). Works on any machine that has Python - no virtual environments, no dependency management.

Quick Start

python3 {baseDir}/scripts/ip_lookup.py 8.8.8.8
python3 {baseDir}/scripts/ip_lookup.py github.com

For a hostname, it auto-resolves to IP first, then runs all lookups.

What each panel shows

[Geo] Geolocation (always on)

Queries ip-api.com (45 req/min free, no key). Falls back to ipwho.is if ip-api.com fails.

Returns:

Country, country code, region, city, postal/ZIP code
Latitude and longitude coordinates
Timezone (e.g. America/ New_York)
ISP name and organisation
ASN in "AS12345 Name" format
Flags: PROXY, HOSTING/VPN, MOBILE - detected by ip-api.com heuristics

Example output for 8.8.8.8: IP Address 8.8.8.8 Country United States [US] Region Virginia City Ashburn Timezone America/New_York ISP Google LLC Org Google Public DNS ASN AS15169 Google LLC Flags HOSTING/VPN

[PTR] Reverse DNS (on by default, skip with --no-ptr)

Queries dns.google for the PTR record of the IP. Converts the IP to in-addr.arpa form internally. Returns the hostname if one exists, or "(no PTR record)" if none.

Useful for: identifying server hostnames, recognising CDN edge nodes (e.g. server- 13-35-12-1.fra50.r.cloudfront.net), confirming FCrDNS (forward-confirmed reverse DNS).

[RDAP] RDAP / WHOIS (on by default, skip with --no-rdap)

Queries rdap.arin.net first. Falls back to rdap.db.ripe.net for European IPs.

Returns:

Network name - registered handle for the IP block (e.g. APNIC-LABS, MSFT)
CIDR block(s) - prefix in CIDR notation (e.g. 1.1.1.0/24)
Abuse contact name and email - extracted from RDAP entities where roles includes "abuse"
Registration date and Last changed date

Example output for 1.1.1.1: Network Name APNIC-LABS CIDR Block(s) 1.1.1.0/24 Abuse Email [email protected] Registration 2011-08-10 Last Changed 2023-04-26

[Abuse] AbuseIPDB reputation (optional, requires free API key)

Queries api.abusei pdb.com with 90-day lookback. Returns:

Abuse confidence score 0-100 (0 = clean, 100 = confirmed malicious)
Total reports in past 90 days
Last reported timestamp
Usage type (e.g. Data Center/Web Hosting/Transit)
Domain associated with the IP

Score guide:

0 = no reports, likely clean
1-25 = low risk, possibly misconfigured server
26-75 = suspicious, investigate further
76-100 = high confidence malicious (scanner, spam source, Tor exit node, etc.)

All flags

Flag	Effect
--json	Full result as JSON (no ANSI codes, safe to pipe)
--abuse	Enable AbuseIPDB panel (needs ABUSEIPDB_KEY env var)
--no-rdap	Skip RDAP/WHOIS (faster, avoids rate limits)
--no-ptr
Skip reverse DNS PTR lookup

Common workflows

Fast geo-only lookup: python3 {baseDir}/scripts/ip_lookup.py 104.21.0.1 --no-rdap --no-ptr

Find abuse contact for a network: python3 {baseDir}/scripts/ip_lookup.py 185.220.101.1

Check if IP is flagged malicious: export ABUSEIPDB_KEY=your_key python3 {baseDir}/scripts/ip_lookup.py 185.220.101.1 --abuse

Scripting with JSON output: python3 {baseDir}/scripts/ip_lookup.py 8.8.8.8 --json | python3 -c
"import json,sys; d=json.load(sys.stdin); print(d['geo']['country'], d['geo']['as'])"

Investigate a hostname (auto-resolves): python3 {baseDir}/scripts/ip_lookup.py suspicious-domain.example.com

AbuseIPDB setup (one-time)

Sign up free at https://www.abuseipdb.com/register
Go to API tab in y our dashboard and create a key (free tier: 1000 checks/day)
Run: export ABUSEIPDB_KEY=your_key_here

Technical notes

ANSI colour output is auto-disabled when stdout is not a TTY (pipes, CI, logs)
IPv6 addresses are supported for geolocation and RDAP; PTR lookup is IPv4-only
RDAP tries ARIN first (global coverage), retries RIPE directly if no data returned
ip-api.com rate limit: 45 requests/minute on the free tier; auto-falls back to ipwho.is
No caching - all calls are live; use --no-rdap --no-ptr for bulk queries
Script uses only Python 3 stdlib - no pip install needed

Usage Guidance

This skill appears internally consistent and uses only standard Python libraries. Before installing/running, consider: (1) network lookups send the queried IP/hostname to public third-party services — avoid using it on sensitive internal/private addresses if you don't want that data shared, and expect rate limits; (2) if you enable the AbuseIPDB option you must set ABUSEIPDB_KEY — treat that key as sensitive; (3) you can inspect the bundled scripts (they are included) — they appear to only perform the described lookups. If you need an offline or privacy-preserving workflow, do not enable the script or run it in a restricted environment.

Capability Analysis

Type: OpenClaw Skill Name: ip-lookup Version: 1.0.1 The ip-lookup skill is a standard network intelligence tool that performs geolocation, reverse DNS, and RDAP lookups using Python's standard library. It interacts with legitimate public APIs (ip-api.com, dns.google, arin.net) and optionally uses an environment variable (ABUSEIPDB_KEY) for reputation checks, which is consistent with its stated purpose in SKILL.md and scripts/ip_lookup.py.

Capability Assessment

✓ Purpose & Capability

The name/description match the code and SKILL.md: geolocation (ip-api/ipwho.is), PTR (dns.google), RDAP (ARIN/RIPE) and optional AbuseIPDB checks. The declared runtime requirement (python3) aligns with the provided Python script; no unrelated credentials or binaries are requested.

ℹ Instruction Scope

SKILL.md and the script limit actions to network lookups for the target (DNS resolution, HTTP RDAP/geo/abuse queries). Note: every lookup sends the target IP/hostname to third-party services (ip-api.com, ipwho.is, dns.google, rdap.arin.net/ripe, and optionally api.abuseipdb.com), which is expected for this purpose but may reveal investigation targets to those providers.

✓ Install Mechanism

No install spec; the skill is instruction-only and ships a standalone Python script that uses only the standard library. Nothing is downloaded or written to disk at install time beyond the included files.

ℹ Credentials

No required environment variables. The only sensible optional credential is ABUSEIPDB_KEY for the optional AbuseIPDB panel, which the SKILL.md documents. This is proportionate to the stated optional feature; no unrelated secrets or config paths are requested.

✓ Persistence & Privilege

always is false and the skill does not request persistent or system-wide privileges. It does not modify other skills or system configuration.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install ip-lookup
After installation, invoke the skill by name or use /ip-lookup
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.1

- Documentation formatting was simplified for better readability. - Example command blocks were updated to use consistent indentation and plain style. - The description and workflow notes now clarify that no pip install is required, Python 3 stdlib only. - Minor rewording throughout for conciseness; some sections shortened and bullet lists streamlined. - Emoji style in metadata changed from Unicode to Markdown.

v1.0.0

- Initial release of ip-lookup: zero-dependency tool for investigating any IP address or hostname. - Supports comprehensive geolocation data (country, city, ASN, ISP, flags) with ip-api.com and fallback to ipwho.is. - Provides reverse DNS (PTR) lookups using dns.google. - Fetches RDAP/WHOIS info (network name, CIDR block, abuse contact) from ARIN and RIPE databases. - Optional AbuseIPDB reputation check for abuse confidence scores (requires API key). - Includes JSON output mode and flexible CLI flags for customization.

Metadata

Slug ip-lookup

Version 1.0.1

License MIT-0

All-time Installs 6

Active Installs 5

Total Versions 2

Frequently Asked Questions

What is ip-lookup?

Lookup IP address or hostname details including geolocation, ASN/ISP, reverse DNS, RDAP/WHOIS network info, and optional AbuseIPDB reputation check without A... It is an AI Agent Skill for Claude Code / OpenClaw, with 334 downloads so far.

How do I install ip-lookup?

Run "/install ip-lookup" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is ip-lookup free?

Yes, ip-lookup is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does ip-lookup support?

ip-lookup is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created ip-lookup?

It is built and maintained by MichaelZhangty (@michaelzhangty); the current version is v1.0.1.

More Skills