← 返回 Skills 市场
michaelzhangty

ip-lookup

作者 MichaelZhangty · GitHub ↗ · v1.0.1 · MIT-0
cross-platform ✓ 安全检测通过
334
总下载
0
收藏
5
当前安装
2
版本数
在 OpenClaw 中安装
/install ip-lookup
功能描述
Lookup IP address or hostname details including geolocation, ASN/ISP, reverse DNS, RDAP/WHOIS network info, and optional AbuseIPDB reputation check without A...
使用说明 (SKILL.md)

IP Lookup

Zero-dependency network intelligence for any IP address or hostname. Combines four data sources into one clean terminal report: geolocation, reverse DNS, RDAP/WHOIS network block info, and optional AbuseIPDB reputation check.

No pip install required. Uses only Python 3 stdlib (urllib, socket, json, argparse). Works on any machine that has Python - no virtual environments, no dependency management.

Quick Start

python3 {baseDir}/scripts/ip_lookup.py 8.8.8.8
python3 {baseDir}/scripts/ip_lookup.py github.com

For a hostname, it auto-resolves to IP first, then runs all lookups.

What each panel shows

[Geo] Geolocation (always on)

Queries ip-api.com (45 req/min free, no key). Falls back to ipwho.is if ip-api.com fails.

Returns:

  • Country, country code, region, city, postal/ZIP code
  • Latitude and longitude coordinates
  • Timezone (e.g. America/ New_York)
  • ISP name and organisation
  • ASN in "AS12345 Name" format
  • Flags: PROXY, HOSTING/VPN, MOBILE - detected by ip-api.com heuristics

Example output for 8.8.8.8: IP Address 8.8.8.8 Country United States [US] Region Virginia City Ashburn Timezone America/New_York ISP Google LLC Org Google Public DNS ASN AS15169 Google LLC Flags HOSTING/VPN

[PTR] Reverse DNS (on by default, skip with --no-ptr)

Queries dns.google for the PTR record of the IP. Converts the IP to in-addr.arpa form internally. Returns the hostname if one exists, or "(no PTR record)" if none.

Useful for: identifying server hostnames, recognising CDN edge nodes (e.g. server- 13-35-12-1.fra50.r.cloudfront.net), confirming FCrDNS (forward-confirmed reverse DNS).

[RDAP] RDAP / WHOIS (on by default, skip with --no-rdap)

Queries rdap.arin.net first. Falls back to rdap.db.ripe.net for European IPs.

Returns:

  • Network name - registered handle for the IP block (e.g. APNIC-LABS, MSFT)
  • CIDR block(s) - prefix in CIDR notation (e.g. 1.1.1.0/24)
  • Abuse contact name and email - extracted from RDAP entities where roles includes "abuse"
  • Registration date and Last changed date

Example output for 1.1.1.1: Network Name APNIC-LABS CIDR Block(s) 1.1.1.0/24 Abuse Email [email protected] Registration 2011-08-10 Last Changed 2023-04-26

[Abuse] AbuseIPDB reputation (optional, requires free API key)

Queries api.abusei pdb.com with 90-day lookback. Returns:

  • Abuse confidence score 0-100 (0 = clean, 100 = confirmed malicious)
  • Total reports in past 90 days
  • Last reported timestamp
  • Usage type (e.g. Data Center/Web Hosting/Transit)
  • Domain associated with the IP

Score guide:

  • 0 = no reports, likely clean
  • 1-25 = low risk, possibly misconfigured server
  • 26-75 = suspicious, investigate further
  • 76-100 = high confidence malicious (scanner, spam source, Tor exit node, etc.)

All flags

Flag Effect
--json Full result as JSON (no ANSI codes, safe to pipe)
--abuse Enable AbuseIPDB panel (needs ABUSEIPDB_KEY env var)
--no-rdap Skip RDAP/WHOIS (faster, avoids rate limits)
--no-ptr
Skip reverse DNS PTR lookup

Common workflows

Fast geo-only lookup: python3 {baseDir}/scripts/ip_lookup.py 104.21.0.1 --no-rdap --no-ptr

Find abuse contact for a network: python3 {baseDir}/scripts/ip_lookup.py 185.220.101.1

Check if IP is flagged malicious: export ABUSEIPDB_KEY=your_key python3 {baseDir}/scripts/ip_lookup.py 185.220.101.1 --abuse

Scripting with JSON output: python3 {baseDir}/scripts/ip_lookup.py 8.8.8.8 --json | python3 -c
"import json,sys; d=json.load(sys.stdin); print(d['geo']['country'], d['geo']['as'])"

Investigate a hostname (auto-resolves): python3 {baseDir}/scripts/ip_lookup.py suspicious-domain.example.com

AbuseIPDB setup (one-time)

  1. Sign up free at https://www.abuseipdb.com/register
  2. Go to API tab in y our dashboard and create a key (free tier: 1000 checks/day)
  3. Run: export ABUSEIPDB_KEY=your_key_here

Technical notes

  • ANSI colour output is auto-disabled when stdout is not a TTY (pipes, CI, logs)
  • IPv6 addresses are supported for geolocation and RDAP; PTR lookup is IPv4-only
  • RDAP tries ARIN first (global coverage), retries RIPE directly if no data returned
  • ip-api.com rate limit: 45 requests/minute on the free tier; auto-falls back to ipwho.is
  • No caching - all calls are live; use --no-rdap --no-ptr for bulk queries
  • Script uses only Python 3 stdlib - no pip install needed
安全使用建议
This skill appears internally consistent and uses only standard Python libraries. Before installing/running, consider: (1) network lookups send the queried IP/hostname to public third-party services — avoid using it on sensitive internal/private addresses if you don't want that data shared, and expect rate limits; (2) if you enable the AbuseIPDB option you must set ABUSEIPDB_KEY — treat that key as sensitive; (3) you can inspect the bundled scripts (they are included) — they appear to only perform the described lookups. If you need an offline or privacy-preserving workflow, do not enable the script or run it in a restricted environment.
功能分析
Type: OpenClaw Skill Name: ip-lookup Version: 1.0.1 The ip-lookup skill is a standard network intelligence tool that performs geolocation, reverse DNS, and RDAP lookups using Python's standard library. It interacts with legitimate public APIs (ip-api.com, dns.google, arin.net) and optionally uses an environment variable (ABUSEIPDB_KEY) for reputation checks, which is consistent with its stated purpose in SKILL.md and scripts/ip_lookup.py.
能力评估
Purpose & Capability
The name/description match the code and SKILL.md: geolocation (ip-api/ipwho.is), PTR (dns.google), RDAP (ARIN/RIPE) and optional AbuseIPDB checks. The declared runtime requirement (python3) aligns with the provided Python script; no unrelated credentials or binaries are requested.
Instruction Scope
SKILL.md and the script limit actions to network lookups for the target (DNS resolution, HTTP RDAP/geo/abuse queries). Note: every lookup sends the target IP/hostname to third-party services (ip-api.com, ipwho.is, dns.google, rdap.arin.net/ripe, and optionally api.abuseipdb.com), which is expected for this purpose but may reveal investigation targets to those providers.
Install Mechanism
No install spec; the skill is instruction-only and ships a standalone Python script that uses only the standard library. Nothing is downloaded or written to disk at install time beyond the included files.
Credentials
No required environment variables. The only sensible optional credential is ABUSEIPDB_KEY for the optional AbuseIPDB panel, which the SKILL.md documents. This is proportionate to the stated optional feature; no unrelated secrets or config paths are requested.
Persistence & Privilege
always is false and the skill does not request persistent or system-wide privileges. It does not modify other skills or system configuration.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install ip-lookup
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /ip-lookup 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
- Documentation formatting was simplified for better readability. - Example command blocks were updated to use consistent indentation and plain style. - The description and workflow notes now clarify that no pip install is required, Python 3 stdlib only. - Minor rewording throughout for conciseness; some sections shortened and bullet lists streamlined. - Emoji style in metadata changed from Unicode to Markdown.
v1.0.0
- Initial release of ip-lookup: zero-dependency tool for investigating any IP address or hostname. - Supports comprehensive geolocation data (country, city, ASN, ISP, flags) with ip-api.com and fallback to ipwho.is. - Provides reverse DNS (PTR) lookups using dns.google. - Fetches RDAP/WHOIS info (network name, CIDR block, abuse contact) from ARIN and RIPE databases. - Optional AbuseIPDB reputation check for abuse confidence scores (requires API key). - Includes JSON output mode and flexible CLI flags for customization.
元数据
Slug ip-lookup
版本 1.0.1
许可证 MIT-0
累计安装 6
当前安装数 5
历史版本数 2
常见问题

ip-lookup 是什么?

Lookup IP address or hostname details including geolocation, ASN/ISP, reverse DNS, RDAP/WHOIS network info, and optional AbuseIPDB reputation check without A... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 334 次。

如何安装 ip-lookup?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install ip-lookup」即可一键安装,无需额外配置。

ip-lookup 是免费的吗?

是的,ip-lookup 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

ip-lookup 支持哪些平台?

ip-lookup 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 ip-lookup?

由 MichaelZhangty(@michaelzhangty)开发并维护,当前版本 v1.0.1。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论