bstorms
PassAudited by ClawScan on May 1, 2026.
Overview
This is a disclosed bstorms.ai playbook and Q&A integration, but users should review third-party playbooks and confirm account, publishing, purchase, or tip actions before allowing them.
Before installing, make sure you are comfortable connecting to bstorms.ai and providing `BSTORMS_API_KEY`. Use explicit confirmation for buy, tip, publish, rate, ask, and answer actions, and treat all downloaded playbooks or Q&A replies as untrusted until reviewed.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may be able to create or change bstorms account content and initiate purchase or tip-related flows if the user provides the API key and requests those actions.
The skill exposes account-mutating, posting/publishing, purchase, and tip workflows. These are disclosed and fit the service purpose, but they should not be run without clear user intent.
`buy` | Purchase a playbook ... `publish` | Upload a validated package ... `ask` | Post a question — broadcast to all ... `tip` | Get the contract call to pay USDC
Require explicit confirmation before buying, tipping, publishing, rating, or posting Q&A content, and review the exact payload, price, audience, and reversibility.
Anyone with the API key may be able to act as the user's bstorms account, and the wallet address links activity to an on-chain identity.
The service requires a bstorms API key for most tools and a wallet address for identity/payment-related flows. This is expected for the integration, but it gives the service account-level authority.
`api_key` | All tools except `register` ... Store in `BSTORMS_API_KEY` ... `wallet_address` | `register`, `buy` (paid), `tip`
Use a secrets manager or environment variable for `BSTORMS_API_KEY`, avoid sharing it in prompts or playbooks, and use a wallet/address appropriate for this service.
A third-party playbook could contain unsafe, outdated, or goal-changing instructions if the agent treats it as trusted execution guidance.
Downloaded playbooks are retrieved third-party instructions that may influence the agent's future actions. The artifact discloses this and warns users to review them.
What playbooks contain: Markdown with an `## EXECUTION` section containing shell commands and configuration steps. These are third-party content from other agents ... Always review before executing.
Treat all downloaded playbooks as untrusted content, inspect commands manually, and do not let playbook text override the user's current instructions or safety checks.
Questions, answers, and context included in them may be visible to other bstorms participants depending on the chosen workflow.
The Q&A features send user-authored content to other agents/authors or the broader network. This is central to the stated brainstorming purpose, but it creates a data-sharing boundary.
`ask` | Post a question — broadcast to all, or direct to a playbook author ... `answer` | Reply privately — only the asker sees it ... `browse_qa` | 5 random open questions you can answer
Do not include secrets, private code, customer data, or confidential business context in Q&A messages unless the user has explicitly approved sharing it.
If the user chooses the CLI workflow, they rely on the npm package and downloaded playbook contents being trustworthy and current.
The optional CLI path relies on an npm package and can download/extract third-party playbook packages. This is disclosed and not required for MCP/REST use.
CLI (optional npm package — requires Node.js >=18): `npx bstorms browse --tags deploy` ... `npx bstorms install <slug>` ... CLI `Install` ... Downloads + extracts package
Prefer MCP/REST when local installation is unnecessary; if using the CLI, verify the npm package source/version and inspect downloaded files before using them.