← Back to Skills Marketplace
solarx56

GoDaddy API

by Andrew · GitHub ↗ · v1.1.0
cross-platform ⚠ suspicious
769
Downloads
2
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install godaddy-api
Description
Complete GoDaddy API skill with shell scripts + MCP server for domains, DNS, certificates, shoppers, subscriptions, agreements, countries, and aftermarket li...
README (SKILL.md)

GoDaddy API

Setup

export GODADDY_API_BASE_URL="https://api.godaddy.com"  # or https://api.ote-godaddy.com
export GODADDY_API_KEY="your-key"
export GODADDY_API_SECRET="your-secret"

Keys: \x3Chttps://developer.godaddy.com/keys>

Shell scripts

  • scripts/gd-domains.sh — list/get/availability, validate purchase, purchase, renew, transfer, update, update contacts, delete, privacy on/off, domain agreements get/accept
  • scripts/gd-dns.sh — get all/type/name, patch add, replace all/type/type+name, delete type+name
  • scripts/gd-certs.sh — create/validate/get/actions/download/renew/reissue/revoke/verify domain control
  • scripts/gd-shoppers.sh — get/update/delete shopper
  • scripts/gd-subscriptions.sh — list/get/cancel subscription
  • scripts/gd-agreements.sh — list legal agreements
  • scripts/gd-countries.sh — list countries
  • scripts/gd-aftermarket.sh — list/get aftermarket listings

Destructive/financial actions prompt for confirmation.

MCP server

Path: scripts/mcp-server/

cd scripts/mcp-server
npm install
npm run build
node dist/index.js

Exposes MCP tools for all skill operations (domains, DNS, certs, shoppers, subscriptions, agreements, countries, aftermarket).

Example MCP config:

{
  "mcpServers": {
    "godaddy": {
      "command": "node",
      "args": ["path/to/mcp-server/dist/index.js"],
      "env": {
        "GODADDY_API_BASE_URL": "https://api.godaddy.com",
        "GODADDY_API_KEY": "",
        "GODADDY_API_SECRET": ""
      }
    }
  }
}

References

  • references/endpoints.md — complete endpoint map
  • references/auth-and-env.md — auth/env setup
  • references/request-bodies.md — payload examples
  • references/error-handling.md — troubleshooting
  • references/safety-playbook.md — safe operation patterns
Usage Guidance
This skill appears to be a functional GoDaddy client, but the registry metadata does not declare the API credentials the code needs — treat that as a red flag. Before installing or running: (1) do not paste production API_KEY/SECRET into random shells; prefer testing in the OTE URL; (2) avoid blindly appending exports to ~/.zshrc/ ~/.bashrc — instead use a secure secrets store, an env file with restricted permissions, or temporarily export in a session; (3) review package.json/package-lock and run npm install in an isolated environment (or scan dependencies) before starting the MCP server; (4) ensure the local MCP server is not exposed to untrusted networks; (5) if you need to proceed, confirm the skill author/source and update registry metadata to list the required env vars/primary credential so the permissions are transparent.
Capability Analysis
Type: OpenClaw Skill Name: godaddy-api Version: 1.1.0 The skill bundle is classified as suspicious due to critical shell injection vulnerabilities present in the `scripts/*.sh` files. User-provided arguments and the content of user-specified JSON payload files are directly interpolated into `curl` commands and URL query strings without proper sanitization (e.g., in `scripts/gd-api.sh`, `scripts/gd-aftermarket.sh`, `scripts/gd-certs.sh`). This allows for arbitrary command execution if an attacker can control the input to these shell scripts. While the `scripts/mcp-server/` (Node.js) component is well-secured with input validation and safe API call mechanisms, the presence of these severe vulnerabilities in the shell scripts, which are a primary interface described in `SKILL.md`, poses a significant risk of remote code execution.
Capability Assessment
Purpose & Capability
The name/description match the included scripts and MCP server: everything is focused on GoDaddy domains, DNS, certs, shoppers, subscriptions, agreements and aftermarket. Required binaries (bash, curl, jq, node, npm) are appropriate for the provided shell scripts and Node MCP server. However the skill registry metadata declares no required environment variables or primary credential while the SKILL.md and all scripts require GODADDY_API_BASE_URL, GODADDY_API_KEY, and GODADDY_API_SECRET — a clear mismatch between claimed metadata and actual runtime needs.
Instruction Scope
SKILL.md and the shell scripts limit actions to GoDaddy API calls and include confirmation prompts for destructive/financial actions. Instructions recommend testing in OTE and not logging secrets. The only out-of-band operation is recommending appending export lines to ~/.bashrc or ~/.zshrc to persist credentials (documented), which writes to a user config file but is within the expected scope for CLI tools.
Install Mechanism
There is no platform install spec — the skill is instruction- and code-file-based. The MCP server requires running npm install/build (package.json and package-lock.json included), which will pull dependencies from the public npm registry. There are no downloads from arbitrary URLs or extract-from-URL steps, but running npm install will fetch third-party packages (normal but moderate risk if you don't review dependencies).
Credentials
The runtime requires three sensitive environment variables (GODADDY_API_BASE_URL, GODADDY_API_KEY, GODADDY_API_SECRET) that are used everywhere (shell scripts and MCP server). The registry entry incorrectly lists no required env vars or primary credential — this is a material metadata inconsistency. The SKILL.md also suggests echoing secrets into ~/.zshrc/ ~/.bashrc for persistence, which increases the risk of long-lived secret exposure if users follow it blindly.
Persistence & Privilege
The skill does not request always:true and does not attempt to change other skills or system-wide agent settings. It does, however, instruct the user how to persist credentials into shell startup files and runs a local MCP server (node dist/index.js) which, if started, will hold credentials in its environment. These behaviors are expected for a local API client but mean you should avoid running the MCP server on an exposed machine or persisting secrets insecurely.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install godaddy-api
  3. After installation, invoke the skill by name or use /godaddy-api
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.0
Remove bundled node_modules — install via npm install in scripts/mcp-server/ instead
v1.0.0
- Initial release of the GoDaddy API skill. - Provides shell scripts for managing domains, DNS, certificates, shoppers, subscriptions, agreements, countries, and aftermarket listings. - Includes an MCP server to expose all operations programmatically. - Destructive and financial actions require confirmation for safety. - Detailed documentation and references included for endpoints, authentication, payloads, error handling, and safe operation guidelines.
Metadata
Slug godaddy-api
Version 1.1.0
License
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is GoDaddy API?

Complete GoDaddy API skill with shell scripts + MCP server for domains, DNS, certificates, shoppers, subscriptions, agreements, countries, and aftermarket li... It is an AI Agent Skill for Claude Code / OpenClaw, with 769 downloads so far.

How do I install GoDaddy API?

Run "/install godaddy-api" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is GoDaddy API free?

Yes, GoDaddy API is completely free (open-source). You can download, install and use it at no cost.

Which platforms does GoDaddy API support?

GoDaddy API is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created GoDaddy API?

It is built and maintained by Andrew (@solarx56); the current version is v1.1.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments