Deep due diligence workflow for expired or expiring domains. Call when a user wants to evaluate an expired domain's history, SEO value, safety, and commercial potential before backordering or acquiring it — including as a follow-up when browsing results from expired or deleted tools. Do NOT call ...
Risk signalsBulk/mass operation — affects multiple targets
Part of the DomainKits server.
Free to start. No card required.
AI agents may call expired_analysis to permanently remove or destroy resources in DomainKits. Without a policy, an autonomous agent could delete critical data in a loop with no way to undo the damage. PolicyLayer blocks destructive tools by default and requires explicit human approval before enabling them.
Without a policy, an AI agent could call expired_analysis in a loop, permanently destroying resources in DomainKits. There is no undo for destructive operations. PolicyLayer blocks this tool by default and only allows it when a human explicitly approves the action.
Destructive tools permanently remove data. Block by default. Only enable with explicit approval workflows.
{
"version": "1",
"default": "deny",
"hide": [
"expired_analysis"
]
}See the full DomainKits policy for all 38 tools.
These attack patterns abuse exactly the kind of access expired_analysis gives an agent. Each links to the full case and the policy that stops it:
Other destructive tools across the catalogue. The same approach applies to each: deny by default, or require human approval.
Deep due diligence workflow for expired or expiring domains. Call when a user wants to evaluate an expired domain's history, SEO value, safety, and commercial potential before backordering or acquiring it — including as a follow-up when browsing results from expired or deleted tools. Do NOT call if the domain is not in any expired status (use analyze instead), if the user wants domain name ideas (use name_advisor), or if the user wants to check availability of a new domain (use available). This is a multi-turn workflow. Stop and wait for user input at every checkpoint. Workflow: 1. Status Verification — run whois first. Confirm the domain is actually in an expired status (expired, redemption, pending-delete). If it is NOT expired, stop immediately, inform the user, and hand off to the analyze workflow. This gate check is mandatory. 2. Data Collection — gather all available data in parallel: safety (Google Safe Browsing — critical risk signal for expired domains), dns (residual records indicate previous usage), keyword_data (search volume and CPC for commercial value), tld_check (cross-TLD registration count as popularity signal), web_fetch the Wayback Machine timeline (https://web.archive.org/web/*/{domain}) for historical usage, and web_search site:{domain} to check residual Google indexing. 3. Due Diligence Report — synthesize all findings into a structured report covering: domain status and key dates, safety warnings, keyword commercial value, historical usage from Wayback, Google index status, cross-TLD distribution, and consolidated risk/opportunity signals. Then ask the user about their goal (SEO recovery, brand building, or investment/resale) and whether they want to explore specific aspects further. Let the user choose the direction — do not decide for them. 4. Tailored Follow-up — based on user's stated goals, guide them to the appropriate next step: backorder process and timeline, set_monitor for status tracking, plan_b for alternatives, valuation_cma for market context, or brand_match before committing. Key principles: - Present facts and acquisition opportunities. Do NOT make buy/don't-buy judgments. - Objectively flag ALL risk signals — do not downplay or hide them. - Backorderable domains must include backorder_url (Gname affiliate). - Always include Wayback link: https://web.archive.org/web/*/{domain} - Always include deep analysis link: https://dataforseo.com/?aff=199596 - Disclose affiliate links.. It is categorised as a Destructive tool in the DomainKits MCP Server, which means it can permanently delete or destroy data. Block by default and require explicit approval.
Register the DomainKits MCP server in PolicyLayer and add a rule for expired_analysis: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches DomainKits. Nothing to install.
expired_analysis is a Destructive tool with critical risk. Critical-risk tools should be blocked by default and only enabled with explicit human approval.
Yes. Add a rate_limit block to the expired_analysis rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for expired_analysis. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
expired_analysis is provided by the DomainKits MCP server (https://api.domainkits.com/v1/mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Deterministic rules across all 38 DomainKits tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.
Free to start. No card required.
4,600+ MCP servers and 31,000+ tools scanned and risk-classified.