Back to skill
Skillv1.3.7
VirusTotal security
Swarm · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:05 AM
- Hash
- 3eb226e65994fe5a090f4a32c785f30dd1c11e84731dba7973108eddf317682f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: swarm Version: 1.3.7 The 'swarm' skill bundle is classified as suspicious due to its inherent capabilities for arbitrary web fetching (`lib/tools.js:webFetch`) and extensive LLM interaction, which, if exploited via a sophisticated prompt injection attack, could lead to unauthorized data access or execution. While the skill includes robust security measures (`lib/security.js`) to prevent prompt injection and credential exfiltration (e.g., prepending a security policy to all prompts, scanning inputs for injection attempts, and sanitizing outputs to redact sensitive patterns), the fundamental risk of an LLM-driven tool with network access remains. There is no evidence of intentional malicious behavior, such as data exfiltration to unauthorized endpoints or backdoor installation, but the potential for abuse of its legitimate capabilities warrants a 'suspicious' classification.
- External report
- View on VirusTotal