by 安全扫描
OpenClaw
安全
high confidenceNULL
评估建议
This skill appears coherent with its stated purpose, but standard caution is advised: (1) confirm the PyPI package name and the GitHub repo (https://github.com/swarm-ai-safety/swarm) match what you expect before installing; (2) install in a virtual environment or sandbox; (3) do not bind the API to 0.0.0.0 or expose it to untrusted networks; (4) do not include real API keys, passwords, or PII in scenario YAMLs; (5) if you need higher assurance, review the package source on GitHub or the PyPI rel...详细分析 ▾
✓ 用途与能力
Name/description (multi-agent safety research) align with the instructions (pip-installable Python package, simulation API, CLI). The skill does not request unrelated resources (no cloud creds, no unusual binaries).
✓ 指令范围
SKILL.md focuses on running local simulations, CLI usage, and a localhost-only API. It explicitly warns not to expose the dev API, not to include real credentials/PII in scenarios, and treats results as research artifacts. The instructions do not direct the agent to read unrelated system files or exfiltrate data.
✓ 安装机制
No install spec in registry (instruction-only). SKILL.md recommends standard pip installs or cloning the GitHub repo — common, well-understood install methods with no opaque download URLs.
✓ 凭证需求
The skill declares no required environment variables, credentials, or config paths. The SKILL.md does show that agent registration returns an api_key for local API use — appropriate and proportional to the stated API functionality.
✓ 持久化与权限
always is false and the skill is user-invocable. The SKILL.md says storage is in-memory by default and warns about production deployment changes; it does not request permanent agent-level privileges or modify other skills.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.7.12026/2/23
NULL
● 无害
安装命令
点击复制官方npx clawhub@latest install swarm-safety
镜像加速npx clawhub@latest install swarm-safety --registry https://cn.longxiaskill.com