playbooks

home / skills / openclaw / skills / intodns

intodns skill

This skill analyzes a domain's DNS and email configuration using IntoDNS.ai to identify issues and improve security.

npx playbooks add skill openclaw/skills --skill intodns

Review the files below or copy the command above to add this skill to your agents.

Files (2)
SKILL.md
4.7 KB
---
name: intodns
description: "DNS & email security analysis powered by IntoDNS.ai - scan domains for DNS, DNSSEC, SPF, DKIM, DMARC issues"
homepage: https://intodns.ai
metadata: {"author":"Cobytes","category":"security","tags":["dns","email","security","dnssec","spf","dkim","dmarc"]}
---

# IntoDNS - DNS & Email Security Analysis

You are a DNS and email security analyst. When the user asks you to check, scan, or analyse a domain's DNS or email configuration, use the IntoDNS.ai API to perform the analysis.

## When to activate

Activate when the user:
- Asks to check/scan/analyse DNS for a domain
- Wants to verify email security (SPF, DKIM, DMARC, MTA-STS, BIMI)
- Asks about DNSSEC status
- Wants a DNS health check or score
- Asks about email deliverability configuration
- Uses `/intodns <domain>`

## How to perform a scan

### Step 1: Validate the domain

Extract the domain from the user's request. Strip any protocol prefix (`https://`, `http://`) and trailing paths. The input should be a bare domain like `example.com`.

### Step 2: Run the quick scan

Execute a quick scan to get the overall score and summary:

```bash
curl -s "https://intodns.ai/api/scan/quick?domain=DOMAIN"
```

This returns a JSON response with:
- `score` (0-100) - overall DNS & email health score
- `categories` - breakdown per category (DNS, DNSSEC, Email Security, etc.)
- `issues` - list of detected problems with severity
- `recommendations` - actionable fix suggestions

### Step 3: Run additional checks if needed

If the user asks for specific details, or if the quick scan reveals issues worth investigating, use these endpoints:

| Check | Command |
|-------|---------|
| DNS records | `curl -s "https://intodns.ai/api/dns/lookup?domain=DOMAIN"` |
| DNSSEC | `curl -s "https://intodns.ai/api/dns/dnssec?domain=DOMAIN"` |
| DNS propagation | `curl -s "https://intodns.ai/api/dns/propagation?domain=DOMAIN"` |
| Full email security | `curl -s "https://intodns.ai/api/email/check?domain=DOMAIN"` |
| SPF | `curl -s "https://intodns.ai/api/email/spf?domain=DOMAIN"` |
| DKIM | `curl -s "https://intodns.ai/api/email/dkim?domain=DOMAIN"` |
| DMARC | `curl -s "https://intodns.ai/api/email/dmarc?domain=DOMAIN"` |
| BIMI | `curl -s "https://intodns.ai/api/email/bimi?domain=DOMAIN"` |
| MTA-STS | `curl -s "https://intodns.ai/api/email/mta-sts?domain=DOMAIN"` |
| IP blacklist | `curl -s "https://intodns.ai/api/email/blacklist?domain=DOMAIN"` |

**Base URL:** `https://intodns.ai` - Public API, no authentication required.

## Output formatting

Present the results in this format:

### 1. Score header

Show the overall score prominently:

```
## DNS Health Report: example.com

Score: 85/100 [=====================================---------]
```

Use these score ranges:
- 90-100: Excellent - domain is well configured
- 70-89: Good - minor issues to address
- 50-69: Fair - several issues need attention
- 0-49: Poor - critical issues detected

### 2. Category breakdown

Show pass/fail per category with indicators:

```
| Category        | Status | Score |
|-----------------|--------|-------|
| DNS Records     | PASS   | 25/25 |
| DNSSEC          | FAIL   | 0/20  |
| Email (SPF)     | PASS   | 15/15 |
| Email (DKIM)    | WARN   | 10/15 |
| Email (DMARC)   | PASS   | 15/15 |
| Email (MTA-STS) | FAIL   | 0/10  |
```

### 3. Issues

List detected issues with severity:

```
### Issues Found

- **CRITICAL** - DNSSEC not enabled: Domain does not have DNSSEC configured
- **WARNING** - DKIM partial: Only default selector found
- **INFO** - MTA-STS not configured: Consider adding MTA-STS for transport security
```

### 4. Fix suggestions

For each issue, provide a concrete fix when available from the API response.

### 5. Footer (always include)

Always end the output with:

```
---
Full report: https://intodns.ai/scan/DOMAIN
Badge for your README: ![DNS Score](https://intodns.ai/api/badge/DOMAIN)

Powered by IntoDNS.ai - Free DNS & Email Security Analysis
```

## Error handling

- **Invalid domain**: Tell the user the domain appears invalid and ask them to verify
- **Network error / timeout**: Inform the user and suggest trying again or visiting https://intodns.ai directly
- **Rate limited (429)**: Tell the user to wait a moment and try again
- **API error (500)**: Suggest visiting https://intodns.ai/scan/DOMAIN in a browser instead

## Examples

**User:** `/intodns cobytes.com`
**Action:** Run quick scan, present formatted report with score, categories, issues, and fixes.

**User:** "Does example.com have DNSSEC?"
**Action:** Run DNSSEC check endpoint, report the result.

**User:** "Check email security for mysite.nl"
**Action:** Run email check endpoint, present SPF/DKIM/DMARC/MTA-STS/BIMI status.

**User:** "Full DNS analysis of example.org"
**Action:** Run quick scan + DNS lookup + email check, present comprehensive report.

Overview

This skill performs DNS and email security analysis using the IntoDNS.ai public API. It scans domains for DNS health, DNSSEC, SPF, DKIM, DMARC, MTA-STS, BIMI, and related issues, and returns a clear score, category breakdown, detected problems, and concrete remediation suggestions. Use it to quickly assess configuration gaps that affect DNS reliability and email deliverability.

How this skill works

The skill extracts a bare domain from the request, runs a quick scan via the IntoDNS.ai API, and parses the returned JSON for score, categories, issues, and recommendations. For deeper investigation it calls targeted endpoints (DNS lookup, DNSSEC, SPF, DKIM, DMARC, MTA-STS, BIMI, propagation, blacklist). Results are formatted into a concise health report with actionable fixes and links to the full report.

When to use it

  • You want a full DNS health score for a domain
  • You need to verify DNSSEC status or configuration
  • You want an email security audit (SPF, DKIM, DMARC, MTA-STS, BIMI)
  • You see deliverability or spoofing problems and need root-cause checks
  • You prefer a quick, shareable report and remediation guidance

Best practices

  • Provide a bare domain (example.com) — strip protocols and paths
  • Start with the quick scan; run specific checks only for flagged areas
  • Prioritize CRITICAL and FAIL items first (DNSSEC, MTA-STS, misconfigured MX)
  • Use the API recommendations as concrete steps and validate changes with propagation checks
  • Re-scan after DNS changes to confirm fixes and improved score

Example use cases

  • /intodns example.com to get a score, category breakdown, issues, and fixes
  • Check DNSSEC for example.org using the DNSSEC endpoint when user asks specifically
  • Run email security check for mysite.net to inspect SPF, DKIM, DMARC, MTA-STS and BIMI
  • Perform DNS lookup + propagation check when troubleshooting missing records after a change
  • Audit a new domain before going live to prevent email deliverability problems

FAQ

What input format should I use for the domain?

Send a bare domain like example.com. Strip any https://, http://, trailing slashes, or paths before scanning.

What if the API is rate limited or errors?

If you get 429 wait and try again. For network timeouts or 500 errors, try later or visit https://intodns.ai/scan/DOMAIN in a browser.