Skill v1.0.2

ClawScan security

Bloomfilter · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 26, 2026, 1:43 AM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's requirements and instructions are coherent with a domain-registration service that charges in USDC on Base, but it requests a high-value credential (an EVM private key), so users must understand the risks and confirm that signing truly happens locally.
Guidance
This skill appears to do what it says (register/search/manage domains and charge in USDC on Base), but it requires your EVM_PRIVATE_KEY, a very sensitive credential. Before installing:
1) Verify you trust Bloomfilter (review their docs and website).
2) Confirm that your agent/runtime truly performs signing locally and never transmits the private key to remote servers.
3) Prefer alternatives: a wallet-provider integration (WalletConnect or a hardware wallet), or an ephemeral wallet seeded with only the USDC needed for operations.
4) Limit exposure: keep only a small USDC balance in the key you provide, test with a small transaction, and review the x402/EIP-3009 flow. A signed EIP-3009 transferWithAuthorization can be submitted on-chain by whoever holds it (not only the recipient) at any time before its validBefore timestamp, and the contract accepts each nonce once, so check the value, recipient and validity window of anything you are asked to sign.
5) If you cannot confirm local signing or are uncomfortable providing a raw private key, do not install or enable this skill.
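The following is an added example, not code from the Bloomfilter skill or from the ClawHub scanner. It shows the kind of pre-signing policy guard a runtime could run over the EIP-712 payload before signing an x402 payment authorization with EVM_PRIVATE_KEY: it refuses anything that is not a USDC-on-Base TransferWithAuthorization, caps the value, allowlists recipients, bounds the validity window and rejects nonce reuse. It assumes the runtime exposes the typed data it is about to sign; the USDC contract address, the placeholder signer/payee addresses, the timestamp and the sample payload are all assumptions or constructed inputs, and the contract address must be verified against Circle's published address before use.

```python
"""Pre-signing policy guard for x402 / EIP-3009 USDC authorizations (added example)."""
from dataclasses import dataclass, field

BASE_CHAIN_ID = 8453
# Assumed USDC contract on Base; confirm against Circle's published address before use.
USDC_BASE = "0x833589fcd6edb6e08f4c7c32d4f71b54bda02913"
USDC_DECIMALS = 6


def usdc(amount) -> int:
    """Convert a human USDC amount to base units (USDC uses 6 decimals)."""
    return int(round(float(amount) * 10 ** USDC_DECIMALS))


@dataclass
class Policy:
    signer: str                                  # address the key controls (lowercase)
    max_value: int                               # cap per authorization, in base units
    allowed_to: set                              # lowercase recipients the key may pay
    max_window_s: int = 300                      # max validBefore - validAfter, in seconds
    seen_nonces: set = field(default_factory=set)


def check(typed_data: dict, policy: Policy, now: int) -> list:
    """Return policy violations for an EIP-712 payload; an empty list means safe to sign."""
    problems = []
    domain = typed_data.get("domain", {})
    msg = typed_data.get("message", {})

    # 1. Only ever sign a USDC-on-Base TransferWithAuthorization with this key.
    if typed_data.get("primaryType") != "TransferWithAuthorization":
        problems.append(f"unexpected primaryType {typed_data.get('primaryType')!r}")
    if domain.get("chainId") != BASE_CHAIN_ID:
        problems.append(f"chainId {domain.get('chainId')} is not Base ({BASE_CHAIN_ID})")
    if str(domain.get("verifyingContract", "")).lower() != USDC_BASE:
        problems.append("verifyingContract is not the USDC contract on Base")
    if str(msg.get("from", "")).lower() != policy.signer.lower():
        problems.append("message.from is not the policy signer")

    # 2. Bound what the signature is worth and to whom it can pay.
    value = int(msg.get("value", 0))
    if value > policy.max_value:
        problems.append(f"value {value} exceeds cap {policy.max_value}")
    to = str(msg.get("to", "")).lower()
    if to not in policy.allowed_to:
        problems.append(f"recipient {to} not in allowlist")

    # 3. Anyone holding the signature can submit it until validBefore, and each
    #    nonce is accepted once on-chain, so keep the window short and never re-sign.
    valid_after = int(msg.get("validAfter", 0))
    valid_before = int(msg.get("validBefore", 0))
    if valid_before <= now:
        problems.append("authorization already expired")
    if valid_before - valid_after > policy.max_window_s:
        problems.append(f"validity window {valid_before - valid_after}s exceeds {policy.max_window_s}s")
    nonce = str(msg.get("nonce", "")).lower()
    if len(nonce) != 66 or not nonce.startswith("0x"):
        problems.append("nonce is not a 32-byte hex value")
    elif nonce in policy.seen_nonces:
        problems.append("nonce already signed")
    return problems


def approve(typed_data: dict, policy: Policy, now: int) -> bool:
    """Record the nonce and return True only when the payload passes every check."""
    if check(typed_data, policy, now):
        return False
    policy.seen_nonces.add(str(typed_data["message"]["nonce"]).lower())
    return True


# Constructed sample of what an x402 server could ask the agent to sign: 0.50 USDC
# to a payee, valid for about two minutes. Addresses and timestamp are placeholders.
SIGNER = "0x1111111111111111111111111111111111111111"
PAYEE = "0x2222222222222222222222222222222222222222"
NOW = 1_772_000_000


def sample_authorization(value=None, to=PAYEE, contract=USDC_BASE, nonce="0x" + "ab" * 32) -> dict:
    value = usdc("0.50") if value is None else value
    return {
        "domain": {"name": "USD Coin", "version": "2",
                   "chainId": BASE_CHAIN_ID, "verifyingContract": contract},
        "primaryType": "TransferWithAuthorization",
        "message": {"from": SIGNER, "to": to, "value": str(value),
                    "validAfter": str(NOW - 30), "validBefore": str(NOW + 120), "nonce": nonce},
    }


if __name__ == "__main__":
    policy = Policy(signer=SIGNER, max_value=usdc("5"), allowed_to={PAYEE})
    print("sane payload:", check(sample_authorization(), policy, NOW))
    print("oversized payload:", check(sample_authorization(value=usdc("50")), policy, NOW))
```

The guard runs before, and independently of, whatever library performs the actual EIP-712 signing, so the same checks apply whether the key is a raw EVM_PRIVATE_KEY or a hardware-wallet session; with a raw key it is the only thing standing between a malicious or compromised endpoint and a signature for an arbitrary amount.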

Review Dimensions

Purpose & Capability
ok: The skill is a domain registration/DNS management integration that charges via an on-chain x402 payment flow; requesting an EVM_PRIVATE_KEY (primary credential) is consistent with programmatic SIWE authentication and client-side signing of x402 payment authorizations.
Instruction Scope
note: SKILL.md stays within the domain-registration scope (endpoints, SIWE auth, x402 payment flow). It explicitly states that cryptographic signing happens locally and that all requests go to api.bloomfilter.xyz, but those are declarative guarantees that only the runtime can enforce; the document supplies no technical enforcement or code, so you must trust both the agent runtime and the endpoint.
Install Mechanism
ok: Instruction-only skill with no install spec or downloaded artifacts, so nothing is written to disk by the skill itself. This is the lowest-risk install mechanism.
Credentials
note: Only EVM_PRIVATE_KEY is required, which is proportional to the described payment and SIWE flows. However, this is a high-value credential capable of signing arbitrary on-chain actions, not just the USDC payments the skill describes; requiring a raw private key is risky, and users should prefer local signing via a secure wallet provider or use a dedicated wallet holding only limited funds.
Persistence & Privilege
ok: The skill does not request always:true, does not declare system-wide changes, and is instruction-only. It will likely store an access token/JWT for the session (expected) but does not ask to modify other skills or system configs.