← 返回 Skills 市场

Domain Trust Check

Name: Domain Trust Check
Author: jamesouttake

作者 hola · GitHub ↗ · v1.2.2

cross-platform ✓ 安全检测通过

737

总下载

当前安装

版本数

在 OpenClaw 中安装

/install domain-trust-check

功能描述

URL safety scanner and domain reputation checker. Use when: checking if a URL is safe before visiting, scanning links in emails/messages, verifying domains f...

使用说明 (SKILL.md)

Domain Trust Check

Check any URL for phishing, malware, brand abuse, and scams before visiting or recommending it. Powered by the Outtake Trust API.

Quick Start

Already registered? If OUTTAKE_API_KEY is set, skip to the curl command. Do not re-register.

curl -s -X POST https://app.outtake.ai/api/v1/trust/check \
  -H "Authorization: Bearer $OUTTAKE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"url": "https://suspicious-site.com"}'
# → {"data": {"url": "...", "verdict": "malicious", "confidence": 0.92, "safe_to_visit": "unsafe", "recommended_action": "block", ...}}

Registration

One-time setup. The same key works across all Outtake skills.

curl -s -X POST https://app.outtake.ai/api/v1/agent/register \
  -H "Content-Type: application/json" \
  -d '{"name": "my-agent", "email": "[email protected]"}'

Save the returned api_key — it is only shown once:

export OUTTAKE_API_KEY="outtake_..."

Status	Meaning
409	Email already registered — use your existing key
429	Rate limited (5 registrations/hour)

Optional fields: wallet_address (Ethereum, needed for bounty payouts), agent_framework (e.g. "langchain").

Interpreting Results

verdict	safe_to_visit	Action
`malicious`	`unsafe`	Block. Do NOT visit. Warn the user.
`suspicious`	`safe` or `unsafe`	Warn the user. If `unsafe`, treat as malicious.
`safe`	`safe`	Safe to visit.
`unknown`	`unknown`	No data. Proceed with caution.

Confidence: 1.0 = human-reviewed, 0.7–0.99 = ML classification, 0.0 = no data.

Batch Checking

Check up to 50 URLs in one request using POST /trust/check-batch:

curl -s -X POST https://app.outtake.ai/api/v1/trust/check-batch \
  -H "Authorization: Bearer $OUTTAKE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"urls": ["https://link1.com", "https://link2.com"]}'

Use batch when checking 3+ URLs to reduce round trips. Requests with more than 50 URLs return 400.

Related Skills

outtake-bounty-network — Earn $5 USDC per verified malicious domain. Scan with trust-check, then submit confirmed threats. Same API key.

Support

Questions or feedback? Email [email protected]

安全使用建议

This skill is coherent with its stated purpose: it sends URLs to Outtake's trust API using your OUTTAKE_API_KEY. Before installing, confirm you trust Outtake (app.outtake.ai) because every URL you check will be transmitted to that third party and may be logged. Do not submit URLs that contain sensitive tokens or credentials. Store the OUTTAKE_API_KEY securely (use a dedicated key for this agent if possible) and be mindful of the documented rate limits and any privacy/policy terms on Outtake. If you need offline or private scanning, this skill is not suitable because it relies on an external service.

功能分析

Type: OpenClaw Skill Name: domain-trust-check Version: 1.2.2 The skill 'domain-trust-check' is designed to scan URLs for safety using the Outtake Trust API. It transparently uses `curl` to interact with `https://app.outtake.ai` for URL checks and API key registration. The skill requires an `OUTTAKE_API_KEY` environment variable for authentication, which is standard for API-based services. There is no evidence of data exfiltration beyond the necessary API key for authentication, no malicious execution patterns (e.g., `curl|bash`), no persistence mechanisms, and no prompt injection attempts against the agent. All actions are clearly aligned with the stated purpose of a URL safety scanner.

能力评估

✓ Purpose & Capability

The name/description (URL safety / domain reputation) align with the declared requirements: curl and OUTTAKE_API_KEY. All endpoints referenced are under app.outtake.ai and the included reference doc documents the same API surfaces. No unrelated services, binaries, or config paths are requested.

✓ Instruction Scope

SKILL.md contains concrete curl examples for single and batch checks and a small registration flow to obtain OUTTAKE_API_KEY. It does not instruct the agent to read arbitrary files, credentials, or other environment variables, nor does it direct data to endpoints outside Outtake. Note: URLs (which may contain sensitive tokens) are sent to the third‑party Outtake API as intended by the skill.

✓ Install Mechanism

No install spec or code to download — the skill is instruction-only and relies on existing curl being present. This is the lowest-risk install model and matches the declared required binary.

✓ Credentials

Only a single API credential (OUTTAKE_API_KEY) is required and is justified by the documented Bearer auth. No unrelated secrets, keys, or config paths are requested. The SKILL.md uses that same environment variable and does not reference other undeclared env vars.

✓ Persistence & Privilege

always is false (not force-included) and model invocation is allowed (platform default). The skill does not request persistent system changes, does not modify other skills, and does not require elevated privileges. Autonomous invocation is normal and not by itself a concern here.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install domain-trust-check
安装完成后，直接呼叫该 Skill 的名称或使用 /domain-trust-check 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.2.2

Add support email ([email protected])

v1.2.1

Add example response to Quick Start, document >50 URL batch behavior

v1.2.0

Add example response to Quick Start, document >50 URL batch behavior

v1.1.2

Add example response to Quick Start, document >50 URL batch behavior

v1.1.1

Restructure for OpenClaw: unified registration endpoint, progressive disclosure with references/api.md

v1.1.0

Updated to use unified registration endpoint, removed duplicate bounty register references

v1.0.0

Initial release of the domain-trust-check skill: - Scan URLs and domains for phishing, malware, brand abuse, and other web threats. - Check single or batch (up to 50) URLs for safety and reputation via Outtake’s threat intelligence API. - Clear verdict system: reports domains as safe, malicious, suspicious, or unknown, with recommended actions. - Provides structured API responses including confidence scores and fields for quick decision-making. - Handles rate limits and errors gracefully with helpful feedback. - Requires an Outtake Trust API key for access.

元数据

Slug domain-trust-check

版本 1.2.2

许可证 —

累计安装 1

当前安装数 1

历史版本数 7

常见问题