功能描述

Agent-native discovery skill for the intent economy. Analyzes your MentalOS, matches use cases to your installed skills, lets you claim SBT proof, and option...

使用说明 (SKILL.md)

Bloom Discovery Skill

Name: Bloom Discovery
Author: bloomprotocol

Don't browse 13,000 skills. Browse use cases.

Bloom Discovery is an agent-native skill that analyzes how you work, matches you to curated use cases, verifies your configuration, and lets you claim on-chain proof — so your agent works for you, not the other way around.

Capabilities

1. Personality Analysis (MentalOS)

Reads your USER.md and conversation history (~120 messages) to map your builder personality across 4 dimensions:

Learning (學習風格): Try First ↔ Study First
Decision (決策風格): Gut ↔ Deliberate
Timing (採用時機): Pioneer ↔ Pragmatist
Focus (投入方式): All-In ↔ Diversified

Outputs: Personality type (Visionary / Explorer / Cultivator / Optimizer / Innovator), custom tagline, hidden pattern insight, AI edge guide. Includes displayLabels with en/zh translations for all sections.

2. Use Case Discovery

Intent-driven skill browsing. Instead of searching 13,000 skills, you describe what you want to accomplish and Bloom matches you to curated use cases — each a tested combination of skills.

Fetches use case catalog from Bloom API
Matches against your personality spectrum (novelty-seekers get new use cases, risk-averse skip DeFi)
Keyword frequency threshold (≥ 3 mentions) to avoid noise

3. Verify Configuration & Claim SBT

Scans your installed skills (~/.openclaw/skills/) and verifies whether you have the right setup for a given use case.

Compares installed skills against use case requirements
Shows match percentage and missing capabilities
Claim flow: verified config → POST /api/claim → mint SBT or get web link
SBT = on-chain proof that you have a verified configuration

4. ERC-8004 Identity Registration

Register your agent identity on the ERC-8004 Agent Identity Registry (Base mainnet).

Sends your agent profile (name, skills, endpoint) to backend for registration
Backend handles the on-chain transaction
Registry contract: 0x8004A169FB4a3325136EB29fA0ceB6D2e539a432

5. Usage Metrics (Opt-in)

Anonymized usage reporting to improve recommendations for everyone.

Reads local OpenClaw skill directory to count install days and usage frequency
Reports only: skill name + usage count (no conversation content, no personal data)
Opt-in only — never sends data without explicit user consent
POST /api/metrics with minimal payload

Security & Privacy

✅ Local analysis — Conversation text analyzed on your machine, never uploaded ✅ Local Differential Privacy (ε=1.0) — Spectrum scores noised via Laplace mechanism before transmission ✅ SHA-256 fingerprint — Conversation hashed locally; only irreversible hash stored for dedup ✅ Minimal transmission — Server receives personality type + approximate scores only ✅ Minimal writes — Writes only ~/.bloom/agent-id.json (returning user token, 0600 permissions) and bloom-discoveries.md (local sync log). Never modifies session files or USER.md ✅ Atomic file writes — Uses tmp+rename pattern to prevent corruption ✅ User-initiated — Only runs when you explicitly invoke the skill ✅ Opt-in metrics — Usage data never sent without consent ✅ Open source — Full source at github.com/bloomprotocol/bloom-discovery-skill

❌ Raw conversation text is never sent to any server ❌ Wallet private keys are never transmitted ❌ Personal identifiable information is never collected ❌ No background data collection — only runs on explicit invocation

Triggers

"generate my bloom identity"
"create my identity card"
"analyze me"
"what's my builder type"
"discover my personality"
"create my bloom card"
"find use cases for me"
"verify my config"
"claim my SBT"
"what use cases match my skills"

Data Sources

Primary: USER.md + Conversation History

USER.md — Declared role, tech stack, interests, working style. Injected as first-class text into the personality analyzer. Falls back gracefully if not present.
Conversation history — Always available from OpenClaw sessions. Analyzes topics, interests, engagement patterns.
Requires: Minimum 3 messages in your session. If less than 3 messages, the skill returns a clear error.

Secondary: Installed Skills

~/.openclaw/skills/ — Scanned locally for use case verification. Never uploaded.

Output

Personality type (Visionary / Explorer / Cultivator / Optimizer / Innovator)
Custom tagline and description
MentalOS spectrum (Learning, Decision, Novelty, Risk — each 0-100)
Hidden pattern insight + AI-era playbook
Main categories and subcategories
Matched use cases with verification status
Recommended skills from the Bloom skill catalog (with match scores)
Dashboard link at bloomprotocol.ai

Technical Details

Version: 4.0.1
Privacy: LDP ε=1.0 + SHA-256 fingerprint
Analysis Engine: MentalOS spectrum (4 dimensions) + category mapping
Primary Signal: Conversation memory (~120 messages) + USER.md
Processing Time: ~60 seconds (personality) + ~5 seconds (use case matching)
Output: Personality card + use case matches + tool recommendations + dashboard URL
Network: Base (mainnet) — configurable via NETWORK env var
On-chain: ERC-8004 Identity Registry + BloomExclusivePass SBT

Requirements

Node.js 18+
No API keys or secrets required — the skill works out of the box
Optional environment variables:
- BLOOM_API_URL — API URL (default: https://api.bloomprotocol.ai)
- DASHBOARD_URL — Dashboard URL (default: https://bloomprotocol.ai)

Installation

git clone https://github.com/bloomprotocol/bloom-discovery-skill.git
cd bloom-identity-skill
npm install

Built by Bloom Protocol

安全使用建议

What to check before installing/use: - Confirm expected env vars: the registry lists none but the repo and README reference JWT_SECRET, BLOOM_API_URL, DASHBOARD_URL and optional wallet envs. Treat JWT_SECRET as sensitive — do not set it unless you understand what tokens the skill will mint and who accepts them. - Avoid running developer/test scripts (generate-fresh-token.ts, test-* scripts) unless you intentionally want to create JWTs or test tokens. Those scripts require JWT_SECRET and will produce signed tokens and dashboard URLs. - Verify exactly what is sent to the Bloom backend: SKILL.md promises 'minimal transmission', but several test files build/POST identityData and recommendations. If you require strict offline analysis, inspect the code paths that call api.bloomprotocol.ai and run the skill offline or block that network endpoint. - Inspect openclaw-wrapper/execute.sh and scripts/run-from-session.ts to confirm they only read session files and do not upload raw conversation text. If you prefer, run the skill in a sandboxed environment first and monitor outgoing network calls (e.g., with a proxy or by setting BLOOM_API_URL to a local endpoint). - If you do not want files written into ~/.openclaw/skills, do not copy the openclaw-wrapper into your skills directory. Check what the wrapper will create before accepting it. - Run static audits: npm audit, review package.json scripts, and search source for any code that reads files outside the home directory or posts full conversation text. Pay attention to integrations (twitter/X, farcaster) that may access external accounts. Bottom line: the core functionality (local analysis + matching) appears coherent, but the repo contains scripts and configuration for token generation and networked flows that are not fully declared in the registry metadata — review and limit those before use.

功能分析

Type: OpenClaw Skill Name: bloom-discovery Version: 4.0.2 The Bloom Discovery skill is a well-architected tool for analyzing agent personality and matching use cases based on user history. While it accesses sensitive data including OpenClaw session logs (~/.openclaw/agents) and USER.md, the implementation follows security best practices, including path traversal guards in 'openclaw-session-reader.ts' and 'user-md-parser.ts'. The code demonstrates a high commitment to privacy by performing analysis locally and applying Local Differential Privacy (LDP) and SHA-256 hashing to data before transmitting derived metadata to 'api.bloomprotocol.ai'. No evidence of raw text exfiltration, credential theft, or unauthorized remote control was found.

能力评估

⚠ Purpose & Capability

The README/SKILL.md advertise local-only analysis and 'no API keys required', yet the repository and scripts reference environment configuration (JWT_SECRET in README and several test scripts), a BLOOM_API_URL, and code that posts identity/recommendation payloads to a remote API. mission-skill.json also declares BLOOM_API_URL and optional wallet envs. Asking for network and optional wallet parameters is coherent for claiming SBTs and dashboard features, but the registry metadata claimed no required envs/credentials which is inconsistent.

⚠ Instruction Scope

Runtime docs and scripts explicitly read conversation session files (~/.openclaw/agents/.../sessions/*.jsonl) and the installed-skill directory (~/.openclaw/skills/), which matches the stated behavior. However the codebase and tests build API payloads containing identityData and recommendations and show POSTs to /api/ endpoints. SKILL.md promises 'minimal transmission' and 'raw conversation text never sent', but test scripts assemble and (in simulation) would POST full identityData + recommendations — that gap between 'only top-level scores' vs. test payloads is a substantive mismatch. Also the project includes helper scripts that generate JWTs and dashboard URLs (generate-fresh-token.ts, test-with-real-analysis.ts) which, if run, create auth tokens tied to a secret.

ℹ Install Mechanism

The skill package is delivered with many code files but no install spec in the registry (instruction-only). That lowers automatic install risk, but the bundle contains runnable scripts and a package.json with dependencies (including puppeteer, viem, twitter-api-v2). If you run npm install / npm run scripts locally you will fetch many third-party packages; nothing is downloaded from an untrusted URL at install time, but executing the included scripts will run non-trivial code from the repo.

⚠ Credentials

Registry metadata declares no required env vars, but README, package.json scripts, and test files require or recommend JWT_SECRET, BLOOM_API_URL, DASHBOARD_URL, and (optionally) wallet-related envs. Several dev/test scripts will fail or throw if JWT_SECRET is missing. The presence of jwt signing and token-generation code (generate-fresh-token.ts, test-with-real-analysis.ts) means a secret named JWT_SECRET is meaningful and powerful; that is disproportionate to a purely local analyzer and should be explicitly declared and justified.

⚠ Persistence & Privilege

The SKILL.md claims minimal writes (only ~/.bloom/agent-id.json and bloom-discoveries.md). The docs also instruct copying an 'openclaw-wrapper' into ~/.openclaw/skills/ (writing into the agent skills directory). The package includes mission/mission-cli scripts that reference agent wallet and heartbeat behavior. While 'always' is false, the skill contains scripts and wrappers that, if installed/copied, will modify the user's ~/.openclaw/skills and write agent files — a legitimate feature but worth flagging because it changes your skills directory and can create dashboard tokens and agent wallets.

版本历史

v4.0.2

- Major overhaul with 31 new files and 6 removed, including updated scripts, tests, and documentation. - Simplified installation and setup: no API keys or secrets required; existing env vars are now optional. - Removed Node.js JWT secret requirement and related setup documentation. - Deprecated and removed contract-client, card-image, mint-identity, and skill-creator-tip modules. - Expanded test and script coverage, including e2e tests and new deployment/health scripts. - Updated documentation and technical details for version 4.0.2.

v4.0.1

Add email conversion funnel, remove fake apiKey, add claimUrl

v3.2.1

Mention MentalOS in description and How It Works, shift emphasis to discovery & recommendations, remove taste terminology

v3.2.0

Migrate all source links from GitLab to GitHub (github.com/bloomprotocol/bloom-discovery-skill)

v3.1.3

Fix display name

v3.1.2

Rename README title to Bloom Discovery Skill

v3.1.1

Remove outdated Twitter reference from README

v3.1.0

Rewrite SKILL.md: hook-style description, truthful Trust & Privacy section, remove bloat (330→187 lines), fix Zero-Knowledge→Minimal Data Design, add activation triggers

v3.0.0

MentalOS rebrand, single catalog source, full formatSuccessMessage rewrite

元数据

Slug bloom-discovery

版本 4.0.2

许可证 MIT-0

累计安装 1

当前安装数 1

历史版本数 9

常见问题

Bloom Discovery 是什么？

Agent-native discovery skill for the intent economy. Analyzes your MentalOS, matches use cases to your installed skills, lets you claim SBT proof, and option... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 525 次。

如何安装 Bloom Discovery？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install bloom-discovery」即可一键安装，无需额外配置。

Bloom Discovery 是免费的吗？

是的，Bloom Discovery 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Bloom Discovery 支持哪些平台？

Bloom Discovery 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Bloom Discovery？

由 Bloom Protocol（@bloomprotocol）开发并维护，当前版本 v4.0.2。

Bloom Discovery