by 安全扫描
OpenClaw
安全
high confidenceNULL
评估建议
This appears coherent for a local simulation framework, but follow standard precautions before installing or running: (1) run pip installs in an isolated virtualenv or container; (2) review the package source on the referenced GitHub repo before installing, especially if you plan to use extras like [llm] or [api]; (3) keep the API bound to localhost and behind firewalls — do not bind to 0.0.0.0 on untrusted networks; (4) never submit real API keys, credentials, or PII to scenarios; and (5) be aw...详细分析 ▾
✓ 用途与能力
Name/description (multi-agent safety simulation) align with the provided instructions and metadata: it documents agent types, scenarios, governance levers, and CLI/API usage. Nothing requested (no env vars, no unusual binaries) is disproportionate to a simulation/testing framework.
✓ 指令范围
SKILL.md stays on-topic: it explains installation (pip/git), local API startup (uvicorn binding to 127.0.0.1), CLI usage, and curl-based local endpoints. It explicitly warns not to expose the dev API and not to submit real API keys/PII. It does not instruct reading unrelated system files or exfiltrating data.
✓ 安装机制
Install instructions use pip and an upstream GitHub repository — standard, low-to-moderate risk for Python packages. No arbitrary binary downloads, no URL shorteners or personal IP-hosted archives are used in the instructions.
✓ 凭证需求
The skill declares no required environment variables, credentials, or config paths. The SKILL.md notes the API will return agent api_keys when run locally (expected behavior for a simulation server) but does not request unrelated secrets.
✓ 持久化与权限
No 'always' flag, default autonomous invocation is allowed (normal). The skill is instruction-only and does not request persistent or elevated system privileges or modify other skills' configurations.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.5.02026/2/7
NULL
● 无害
安装命令
点击复制官方npx clawhub@latest install swarm-2
镜像加速npx clawhub@latest install swarm-2 --registry https://cn.longxiaskill.com