← Back to Skills Marketplace
737
Downloads
1
Stars
1
Active Installs
7
Versions
Install in OpenClaw
/install domain-trust-check
Description
URL safety scanner and domain reputation checker. Use when: checking if a URL is safe before visiting, scanning links in emails/messages, verifying domains f...
README (SKILL.md)
Domain Trust Check
Check any URL for phishing, malware, brand abuse, and scams before visiting or recommending it. Powered by the Outtake Trust API.
Quick Start
Already registered? If
OUTTAKE_API_KEYis set, skip to the curl command. Do not re-register.
curl -s -X POST https://app.outtake.ai/api/v1/trust/check \
-H "Authorization: Bearer $OUTTAKE_API_KEY" \
-H "Content-Type: application/json" \
-d '{"url": "https://suspicious-site.com"}'
# → {"data": {"url": "...", "verdict": "malicious", "confidence": 0.92, "safe_to_visit": "unsafe", "recommended_action": "block", ...}}
Registration
One-time setup. The same key works across all Outtake skills.
curl -s -X POST https://app.outtake.ai/api/v1/agent/register \
-H "Content-Type: application/json" \
-d '{"name": "my-agent", "email": "[email protected]"}'
Save the returned api_key — it is only shown once:
export OUTTAKE_API_KEY="outtake_..."
| Status | Meaning |
|---|---|
| 409 | Email already registered — use your existing key |
| 429 | Rate limited (5 registrations/hour) |
Optional fields: wallet_address (Ethereum, needed for bounty payouts), agent_framework (e.g. "langchain").
Interpreting Results
| verdict | safe_to_visit | Action |
|---|---|---|
malicious |
unsafe |
Block. Do NOT visit. Warn the user. |
suspicious |
safe or unsafe |
Warn the user. If unsafe, treat as malicious. |
safe |
safe |
Safe to visit. |
unknown |
unknown |
No data. Proceed with caution. |
Confidence: 1.0 = human-reviewed, 0.7–0.99 = ML classification, 0.0 = no data.
Batch Checking
Check up to 50 URLs in one request using POST /trust/check-batch:
curl -s -X POST https://app.outtake.ai/api/v1/trust/check-batch \
-H "Authorization: Bearer $OUTTAKE_API_KEY" \
-H "Content-Type: application/json" \
-d '{"urls": ["https://link1.com", "https://link2.com"]}'
Use batch when checking 3+ URLs to reduce round trips. Requests with more than 50 URLs return 400.
Related Skills
- outtake-bounty-network — Earn $5 USDC per verified malicious domain. Scan with trust-check, then submit confirmed threats. Same API key.
Support
Questions or feedback? Email [email protected]
Usage Guidance
This skill is coherent with its stated purpose: it sends URLs to Outtake's trust API using your OUTTAKE_API_KEY. Before installing, confirm you trust Outtake (app.outtake.ai) because every URL you check will be transmitted to that third party and may be logged. Do not submit URLs that contain sensitive tokens or credentials. Store the OUTTAKE_API_KEY securely (use a dedicated key for this agent if possible) and be mindful of the documented rate limits and any privacy/policy terms on Outtake. If you need offline or private scanning, this skill is not suitable because it relies on an external service.
Capability Analysis
Type: OpenClaw Skill
Name: domain-trust-check
Version: 1.2.2
The skill 'domain-trust-check' is designed to scan URLs for safety using the Outtake Trust API. It transparently uses `curl` to interact with `https://app.outtake.ai` for URL checks and API key registration. The skill requires an `OUTTAKE_API_KEY` environment variable for authentication, which is standard for API-based services. There is no evidence of data exfiltration beyond the necessary API key for authentication, no malicious execution patterns (e.g., `curl|bash`), no persistence mechanisms, and no prompt injection attempts against the agent. All actions are clearly aligned with the stated purpose of a URL safety scanner.
Capability Assessment
Purpose & Capability
The name/description (URL safety / domain reputation) align with the declared requirements: curl and OUTTAKE_API_KEY. All endpoints referenced are under app.outtake.ai and the included reference doc documents the same API surfaces. No unrelated services, binaries, or config paths are requested.
Instruction Scope
SKILL.md contains concrete curl examples for single and batch checks and a small registration flow to obtain OUTTAKE_API_KEY. It does not instruct the agent to read arbitrary files, credentials, or other environment variables, nor does it direct data to endpoints outside Outtake. Note: URLs (which may contain sensitive tokens) are sent to the third‑party Outtake API as intended by the skill.
Install Mechanism
No install spec or code to download — the skill is instruction-only and relies on existing curl being present. This is the lowest-risk install model and matches the declared required binary.
Credentials
Only a single API credential (OUTTAKE_API_KEY) is required and is justified by the documented Bearer auth. No unrelated secrets, keys, or config paths are requested. The SKILL.md uses that same environment variable and does not reference other undeclared env vars.
Persistence & Privilege
always is false (not force-included) and model invocation is allowed (platform default). The skill does not request persistent system changes, does not modify other skills, and does not require elevated privileges. Autonomous invocation is normal and not by itself a concern here.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install domain-trust-check - After installation, invoke the skill by name or use
/domain-trust-check - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.2.2
Add support email ([email protected])
v1.2.1
Add example response to Quick Start, document >50 URL batch behavior
v1.2.0
Add example response to Quick Start, document >50 URL batch behavior
v1.1.2
Add example response to Quick Start, document >50 URL batch behavior
v1.1.1
Restructure for OpenClaw: unified registration endpoint, progressive disclosure with references/api.md
v1.1.0
Updated to use unified registration endpoint, removed duplicate bounty register references
v1.0.0
Initial release of the domain-trust-check skill:
- Scan URLs and domains for phishing, malware, brand abuse, and other web threats.
- Check single or batch (up to 50) URLs for safety and reputation via Outtake’s threat intelligence API.
- Clear verdict system: reports domains as safe, malicious, suspicious, or unknown, with recommended actions.
- Provides structured API responses including confidence scores and fields for quick decision-making.
- Handles rate limits and errors gracefully with helpful feedback.
- Requires an Outtake Trust API key for access.
Metadata
Frequently Asked Questions
What is Domain Trust Check?
URL safety scanner and domain reputation checker. Use when: checking if a URL is safe before visiting, scanning links in emails/messages, verifying domains f... It is an AI Agent Skill for Claude Code / OpenClaw, with 737 downloads so far.
How do I install Domain Trust Check?
Run "/install domain-trust-check" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Domain Trust Check free?
Yes, Domain Trust Check is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Domain Trust Check support?
Domain Trust Check is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Domain Trust Check?
It is built and maintained by hola (@jamesouttake); the current version is v1.2.2.
More Skills