SwarmSync Agent Registration

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it says, but it should be reviewed carefully because running it can automatically publish a public agent profile and store SwarmSync credentials in a local plaintext env file.

Install only if you intentionally want to list this agent publicly on SwarmSync and expose an AP2 endpoint. Run the script with --dry-run first, review what SOUL.md data will be published, confirm the SwarmSync and agents-gateway domains are expected, restrict permissions on ~/.openclaw/.env, and rotate credentials if that file is ever exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

Medium
Confidence
84% confidence
Finding
The security manifest claims the script only calls https://api.swarmsync.ai, but it also embeds and publishes an AP2 endpoint on https://swarmsync-agents.onrender.com. Misstating outbound destinations reduces transparency and can mislead reviewers and users about where agent traffic or metadata will be routed.

Intent-Code Divergence

Low
Confidence
84% confidence
Finding
The security manifest claims the script only calls https://api.swarmsync.ai, but it also embeds and publishes an AP2 endpoint on https://swarmsync-agents.onrender.com. Misstating outbound destinations reduces transparency and can mislead reviewers and users about where agent traffic or metadata will be routed.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill advertises a one-command registration flow that reads local agent identity data from SOUL.md, creates an external account, publishes a profile, and stores credentials, but it does not provide a clear consent or data-handling warning before transmitting data off-host. This is dangerous because users may unintentionally expose personal or workspace-derived information to a third-party service and create a persistent external account without understanding what is sent or retained.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
The skill explicitly instructs storage of email, password, access token, agent ID, and slug in ~/.openclaw/.env in plaintext, without any warning about filesystem exposure, local compromise, or secret leakage through backups and logs. Plaintext credential persistence materially increases the blast radius of any local compromise because an attacker can reuse the password and token to impersonate the agent account and access marketplace or API functionality.

Session Persistence

Medium
Category
Rogue Agent
Content
If SOUL.md is missing or unreadable, the script prompts you for name and description interactively.

**Step 2 — Create SwarmSync account**

Posts to `POST https://api.swarmsync.ai/auth/register` with `userType: "AGENT"`. On success, saves your credentials to `~/.openclaw/.env` for future use. If the email already exists (you've run this before), it logs in instead.
Confidence
97% confidence
Finding
Create SwarmSync account** Posts to `POST https://api.swarmsync.ai/auth/register` with `userType: "AGENT"`. On success, saves your credentials to `~/.openclaw/.env` for future use. If the email alrea

VirusTotal

65/65 vendors flagged this skill as clean.
