Bloom Discovery

Security checks across static analysis, malware telemetry, and agentic risk

Overview

Bloom Discovery is mostly coherent for identity and skill discovery, but its privacy claims appear to understate how much conversation-derived profile data may be saved to Bloom’s API/dashboard.

Install only if you are comfortable with Bloom analyzing recent OpenClaw conversation context and creating a detailed identity/profile. Review any dashboard, claim, SBT, registration, or metrics step before approving it, and avoid running developer npm scripts unless you know what they do.

Static analysis

Dangerous exec (Critical) - 2 findings
Finding: Shell command execution detected (child_process).

Env credential access (Critical) - 8 findings
Finding: Environment variable access combined with network send.

VirusTotal

65/65 vendors flagged this skill as clean.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Private conversation-derived interests, categories, descriptions, strengths, and recommendations could become part of a remote dashboard/profile.

Why it was flagged

This indicates that a detailed identity/profile summary derived from user context may be saved to Bloom’s API, not just a minimal personality type and approximate scores.

Skill content

console.log('\n━━━ STEP 4: API Payload (what gets POST to /x402/agent-save) ━━━\n'); ... identityData: { personalityType, tagline, description, longDescription, mainCategories, subCategories, confidence, mode, dimensions, tasteSpectrums, strengths, recommendations }

Recommendation

Before using the identity/dashboard flow, confirm exactly which profile fields are sent and whether you can review, delete, or opt out of remote storage.

What this means

Users may rely on an overly narrow privacy promise and share more derived personal profile data than they realize.

Why it was flagged

This privacy statement appears narrower than the API payload shown elsewhere in the provided artifacts, which includes detailed identityData fields such as descriptions, categories, strengths, and recommendations.

Skill content

✅ **Minimal transmission** — Server receives personality type + approximate scores only

Recommendation

The publisher should update the privacy text to list all transmitted fields and make any dashboard/profile save clearly reviewable and consent-based.

What this means

Claiming or registering may create public or durable records about your agent/profile.

Why it was flagged

The on-chain identity and SBT functions are disclosed and purpose-aligned, but they involve delegated backend action and potentially persistent public identity records.

Skill content

Register your agent identity on the ERC-8004 Agent Identity Registry (Base mainnet). ... Sends your agent profile (name, skills, endpoint) to backend for registration ... Backend handles the on-chain transaction

Recommendation

Only claim SBTs or register identity after reviewing the displayed profile and understanding what will be public or stored by Bloom.

What this means

Running developer scripts manually could perform network, token, or blockchain-related operations beyond simple skill discovery.

Why it was flagged

The package contains executable Node/npm scripts, including token generation and SBT-related helpers. This is common for a Node-based integration, and the artifacts do not show automatic execution of high-impact scripts.

Skill content

"scripts": { "start": "ts-node src/index.ts", "build": "tsc", "prepare": "npm run build:all", "generate-token": "ts-node generate-fresh-token.ts", "mint-sbt": "ts-node scripts/mint-sbt.ts", "missions": "ts-node src/mission-cli.ts" }

Recommendation

Use only documented OpenClaw commands unless you understand the npm script you are running; avoid running deployment, token, or minting helpers casually.