← 返回 Skills 市场
eronmmer

Bloomfilter

作者 Erons · GitHub ↗ · v1.0.2
cross-platform ✓ 安全检测通过
346
总下载
1
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install bloomfilter
功能描述
Search, register, and manage domains via Bloomfilter x402 API - pay with USDC on Base
使用说明 (SKILL.md)

Bloomfilter - Domain Registration API

Base URL: https://api.bloomfilter.xyz

Paid endpoints use the x402 payment protocol. The API returns HTTP 402 with payment details - your x402-compatible HTTP client handles payment automatically.

EVM_PRIVATE_KEY is used locally by the agent's x402 HTTP client (@x402/axios or @x402/fetch) to sign EIP-3009 TransferWithAuthorization messages for USDC payments and to sign EIP-4361 SIWE messages for authentication. The private key never leaves the local machine and is never sent to any server. All cryptographic signing happens client-side in the agent runtime.

DNS and account endpoints require authentication via SIWE (Sign-In With Ethereum). Authenticate once, then pass the JWT as a Bearer token.

Authentication (SIWE)

GET /auth/nonce -> Returns { nonce, domain, uri, chainId, version, expiresIn }

POST /auth/verify Body: { "message": "\x3CEIP-4361 SIWE message>", "signature": "0x..." } -> Returns { accessToken, refreshToken, walletAddress }

POST /auth/refresh Body: { "refreshToken": "..." } -> Returns new { accessToken, refreshToken }

POST /auth/revoke (requires Bearer token) -> Revokes all sessions for the authenticated wallet

Domain Search & Pricing (free, no auth)

GET /domains/search?query=example&tlds=com,io,xyz -> Returns availability and pricing for each TLD. The tlds parameter is optional.

GET /domains/pricing -> Returns pricing for all supported TLDs

GET /domains/pricing/:tld -> Returns pricing for a single TLD (e.g., /domains/pricing/com)

Domain Registration (x402 - dynamic pricing)

POST /domains/register Body: { "domain": "example.com", "years": 1 } years defaults to 1 if omitted. Optional: "dns_records": [{ "type": "A", "host": "@", "value": "1.2.3.4" }] Supported dns_records types: A, AAAA, CNAME, MX, TXT, SRV, CAA Each record also accepts optional "ttl" (300-86400, default 3600) and "priority" (for MX/SRV) -> First call returns 402 with exact price. Retry with x402 payment to complete. -> Returns 201 on success, or 202 with a job ID for async provisioning.

POST /domains/renew Body: { "domain": "example.com", "years": 1 } years defaults to 1 if omitted. -> Same two-phase x402 flow as registration.

Domain Info (free, no auth)

GET /domains/:domain -> Returns domain status, expiry, nameservers, lock/privacy state. Note: Only works for domains registered through Bloomfilter.

Job Status (free, no auth)

GET /domains/status/:jobId -> Poll for async registration status. Returns 200 (done), 202 (pending), or 500 (failed).

DNS Management (requires Bearer token)

Mutations cost $0.10 USDC each (x402). Listing is free.

IMPORTANT: Always add, update, or delete DNS records one at a time (sequentially, not in parallel). After registering a new domain, wait at least 30 seconds before adding DNS records — the DNS zone may not be ready immediately.

GET /dns/:domain -> List all DNS records

POST /dns/:domain Body: { "type": "A", "host": "@", "value": "1.2.3.4" } Optional: "ttl" (300-86400, default 3600), "priority" (for MX/SRV) Supported types: A, AAAA, CNAME, MX, TXT, NS, SRV, CAA

PUT /dns/:domain/:recordId Body: { "host": "@", "value": "5.6.7.8" } At least one field required. Optional: host, value, ttl, priority.

DELETE /dns/:domain/:recordId -> Deletes the record

Account (requires Bearer token, free)

GET /account -> Account summary (wallet, domain count, total spent)

GET /account/domains?limit=50&offset=0 -> Paginated list of owned domains

GET /account/transactions?limit=50&offset=0 -> Paginated transaction history

Notes

  • All paid requests require an x402-compatible HTTP client with USDC on Base (chain ID 8453)
  • WHOIS privacy is enabled by default on all registrations
  • Docs: https://docs.bloomfilter.xyz

External Endpoints

URL Data Sent Purpose
https://api.bloomfilter.xyz/* Domain queries, DNS records, wallet address Domain search, registration, DNS management

No data is sent anywhere else. All requests go to the Bloomfilter API only.

Security & Privacy

  • Your EVM_PRIVATE_KEY never leaves your local machine — it is used locally to sign x402 payment authorizations and SIWE messages
  • The API receives your wallet address (derived from the key) but never the private key itself
  • WHOIS privacy is enabled by default on all registrations — your identity is never exposed in public WHOIS records
  • All API communication is over HTTPS

Trust

This skill connects to api.bloomfilter.xyz to register ICANN domains and manage DNS records. Payments are made in USDC on Base via the x402 protocol. Your private key stays local. Install only if you trust Bloomfilter (https://bloomfilter.xyz) as a domain registration provider.

安全使用建议
This skill appears to do what it says (register/search/manage domains and charge in USDC on Base), but it requires your EVM_PRIVATE_KEY — a very sensitive credential. Before installing: 1) Verify you trust Bloomfilter (review their docs and website). 2) Confirm that your agent/runtime truly performs signing locally and will not transmit the private key to remote servers. 3) Prefer alternatives: use a wallet-provider integration (WalletConnect or hardware wallet) or an ephemeral wallet seeded with only the USDC needed for operations. 4) Limit exposure: keep only a small USDC balance in the key you provide, test with a small transaction, and review the x402/EIP-3009 flow (signed authorizations can be submitted by recipients). 5) If you cannot confirm local signing or are uncomfortable providing a raw private key, do not install/enable this skill.
功能分析
Type: OpenClaw Skill Name: bloomfilter Version: 1.0.2 The skill is designed for domain and DNS management, requiring an EVM_PRIVATE_KEY for local cryptographic signing of payments and authentication messages. The SKILL.md explicitly states that the private key never leaves the local machine and is not sent to any server. All network communication is declared to be exclusively with `https://api.bloomfilter.xyz` for its stated purpose. There is no evidence of prompt injection attempts, data exfiltration to unauthorized endpoints, malicious execution, or persistence mechanisms within the provided documentation. The instructions for the agent are operational and directly related to the skill's functionality.
能力评估
Purpose & Capability
The skill is a domain registration/DNS management integration that charges via an on-chain x402 payment flow; requesting an EVM_PRIVATE_KEY (primary credential) is consistent with programmatic SIWE authentication and client-side signing of x402 payment authorizations.
Instruction Scope
SKILL.md stays within the domain-registration scope (endpoints, SIWE auth, x402 payment flow). It explicitly states that cryptographic signing happens locally and that all requests go to api.bloomfilter.xyz, but those are declarative guarantees the runtime must enforce — the document does not supply technical enforcement or code, so you must trust the agent runtime and the endpoint.
Install Mechanism
Instruction-only skill with no install spec or downloaded artifacts, so nothing is written to disk by the skill itself. This is the lowest-risk install mechanism.
Credentials
Only EVM_PRIVATE_KEY is required, which is proportional to the described payment+SIWE flows. However this is a high-value credential capable of signing on-chain actions; requiring a raw private key is risky and users should prefer local signing via secure wallet providers or use a dedicated wallet with limited funds.
Persistence & Privilege
The skill does not request always:true, does not declare system-wide changes, and is instruction-only. It will likely store an access token/JWT for the session (expected) but does not ask to modify other skills or system configs.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install bloomfilter
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /bloomfilter 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
Fix security scan: removed unnecessary curl dependency, added cryptographic signing implementation details
v1.0.1
Fix security scan: removed unnecessary curl dependency, added cryptographic signing implementation details
v1.0.0
Initial release
元数据
Slug bloomfilter
版本 1.0.2
许可证
累计安装 0
当前安装数 0
历史版本数 3
常见问题

Bloomfilter 是什么?

Search, register, and manage domains via Bloomfilter x402 API - pay with USDC on Base. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 346 次。

如何安装 Bloomfilter?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install bloomfilter」即可一键安装,无需额外配置。

Bloomfilter 是免费的吗?

是的,Bloomfilter 完全免费(开源免费),可自由下载、安装和使用。

Bloomfilter 支持哪些平台?

Bloomfilter 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Bloomfilter?

由 Erons(@eronmmer)开发并维护,当前版本 v1.0.2。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论