Bloomfilter
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill’s purpose is clear, but it requires a crypto wallet private key and can make paid domain and DNS changes without clear spending or confirmation limits.
Use this only with a dedicated low-balance wallet and only if you trust Bloomfilter as a registrar. Confirm every paid registration, renewal, and DNS change manually, and review exact prices and records before allowing the agent to proceed.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent is misused or the key is exposed, the wallet could be used to authorize payments or authenticate as the user.
The skill requires a full EVM private key for payment authorization and account authentication, which is much more powerful than a scoped API token; the artifacts do not define spend limits or a dedicated low-balance wallet requirement.
EVM_PRIVATE_KEY is used locally by the agent's x402 HTTP client ... to sign EIP-3009 TransferWithAuthorization messages for USDC payments and to sign EIP-4361 SIWE messages for authentication.
Use a dedicated low-balance wallet only for this skill, avoid using a primary wallet key, and require explicit confirmation before any paid request.
A mistaken or overly autonomous agent action could buy or renew a domain, spend USDC, or change/delete DNS records.
The documented workflow can automatically complete paid requests and exposes registration, renewal, update, and delete actions without requiring an explicit approval step in the skill instructions.
The API returns HTTP 402 with payment details - your x402-compatible HTTP client handles payment automatically. ... POST /domains/register ... POST /domains/renew ... DELETE /dns/:domain/:recordId
Before retrying any 402 payment or changing DNS, show the domain, record, price, wallet, and action to the user and require a clear confirmation.
Bloomfilter will receive the domains you search or manage, DNS record contents, and your wallet address.
The skill clearly discloses that domain queries, DNS records, and the wallet address are sent to Bloomfilter’s API, which is expected for this service but is still sensitive account and infrastructure data.
https://api.bloomfilter.xyz/* | Domain queries, DNS records, wallet address | Domain search, registration, DNS management
Install only if you trust Bloomfilter with this domain and wallet metadata, and avoid submitting domains or DNS records you do not want the provider to see.
