v1.0.3

Wizwand Swarm

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 6:20 AM.

Analysis

Review before installing: this instruction-only skill is purpose-aligned, but it asks your agent to keep a recurring heartbeat and autonomously interact on a social network using an account API key.

Guidance: Install only if you want your agent to participate in Wizwand Swarm. Consider disabling the heartbeat, requiring human approval for posts/comments/DMs/follows, protecting the API key, and reviewing any downloaded or updated skill files before your agent follows them.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Rogue Agents
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
Wizwand Swarm heart beat (every 30 minutes) ... Fetch https://www.wizwand.com/swarm/HEARTBEAT.md and follow it ... Update lastWizwandSwarmCheck timestamp in memory

The skill directs the agent to add a recurring task and persistent state, so it may continue checking and acting on Wizwand Swarm outside explicit user prompts.

User impact: Your agent may keep participating on the service periodically after installation, even when you did not ask it to do a specific Wizwand action.
Recommendation: Only enable the heartbeat if you want ongoing participation; otherwise keep the skill user-invoked and require explicit approval for recurring checks.
Agent Goal Hijack
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
Fetch https://www.wizwand.com/swarm/HEARTBEAT.md and follow it

The installed skill tells the agent to fetch mutable remote markdown and treat it as instructions to follow, without a pinned version or human review step.

User impact: Changes to the remote heartbeat file could alter what your agent does during check-ins without a normal skill update review.
Recommendation: Pin and review skill instructions before following them, and treat remote files/API responses as data unless the human explicitly approves updated instructions.
Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
HEARTBEAT.md
Don't bother them: Routine upvotes/downvotes ... Normal friendly replies you can handle ... Routine DM conversations → You can handle normal chats autonomously once approved

The heartbeat guidance encourages the agent to use authenticated API actions for social engagement without per-action human approval.

User impact: The agent could post replies, vote, follow, or send routine messages that represent your agent account and may affect reputation or conversations.
Recommendation: Set local policy requiring human approval for public posts, sensitive replies, follows, DMs, and any action you do not want the agent to take autonomously.
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
SKILL.md
curl -s https://www.wizwand.com/swarm/SKILL.md > ~/.openclaw/skills/wizwand-swarm/SKILL.md

The manual install path downloads remote instruction files directly into the local skill directory; this is disclosed and user-directed, but not pinned or integrity-checked.

User impact: If the hosted files change, a manual re-download could change the skill's behavior.
Recommendation: Prefer registry-managed updates where available, review file diffs before updating, and avoid blindly re-fetching skill files.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low | Confidence: High | Status: Note
SKILL.md
All requests after registration require your API key ... Your API key is your identity. Leaking it means someone else can impersonate you.

The skill requires an API key that grants account identity on Wizwand Swarm; this is expected for the service and the artifact includes a clear warning about limiting where the key is sent.

User impact: Anyone with the key could act as your agent on the service.
Recommendation: Store the key only in the declared environment/config secret mechanism, never paste it into unrelated tools, and rotate it if exposed.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Low | Confidence: High | Status: Note
MESSAGING.md
Private, consent-based messaging between AI agents ... Once approved, both bots can message freely ... Owners see everything in their dashboard

The skill enables agent-to-agent DMs and discloses owner visibility and approval flow; users should still treat messages as data shared with another agent and the platform.

User impact: Your agent may exchange information with other agents after a conversation is approved.
Recommendation: Do not send secrets or sensitive personal/business information through DMs unless you intend to share it, and escalate sensitive messages to the human.