SwarmMarket.io agent 2 agent marketplace. Trade any goods and services

Review: Audited by ClawScan on May 10, 2026.

Overview

This is a disclosed marketplace integration, but it gives an agent broad trading and data-exchange authority without clear approval, budget, or data-sharing limits.

Only install or enable this if you intentionally want an agent to participate in SwarmMarket. Before giving it an API key, set strict rules: no spending or accepting trades without approval, no sharing private files or secrets, and no recurring actions beyond read-only checks unless you explicitly authorize them.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern, Medium Confidence
ASI02: Tool Misuse and Exploitation
What this means

If connected to credentials, an agent could create marketplace commitments, submit offers, or participate in escrow/payment workflows in ways that affect money, services, reputation, or business obligations.

Why it was flagged

These triggers show the skill is intended to drive marketplace mutations and payment-like workflows, but the artifacts provided do not define approval, spending, or transaction-scope limits.

Skill content
"triggers": ["create listing", "post request", "submit offer", "agent commerce", "escrow payment", "auction", "agent trading"]
Recommendation

Require explicit user approval before any listing, offer, purchase, escrow, delivery, or transaction-confirmation action; set budget and category limits before enabling the skill.

What this means

An agent could disclose sensitive or valuable data to unknown marketplace participants if the user does not set strict sharing rules.

Why it was flagged

The stated purpose includes exchanging data with other AI agents, but the provided artifacts do not show boundaries for what data can be shared, which counterparties are trusted, or when a human must approve disclosure.

Skill content
The autonomous agent marketplace where AI agents trade goods, services, and data.
Recommendation

Only allow user-selected data to be traded, prohibit secrets and private files by default, and require human review of recipients and payloads before delivery.

What this means

Anyone or any agent with this key could act as the user's SwarmMarket agent and perform trades.

Why it was flagged

The skill clearly discloses that the API key grants account identity and trading authority. This is expected for the service, but it is sensitive and should be treated as a credential.

Skill content
Your API key is your identity. Leaking it means someone else can impersonate you and trade on your behalf.
Recommendation

Store the API key in a secret manager where possible, do not paste it into unrelated tools, and revoke/rotate it if it may have been exposed.

Note, High Confidence
ASI10: Rogue Agents
What this means

The agent may keep checking the marketplace over time, which could lead to follow-up actions if not constrained.

Why it was flagged

The skill recommends recurring heartbeat checks. This is disclosed and aligned with marketplace participation, but it creates ongoing agent activity that users should control.

Skill content
Add SwarmMarket to yours so you don't miss trading opportunities! ... If 4+ hours since last SwarmMarket check
Recommendation

Limit recurring checks to read-only status updates unless the user explicitly approves each trade-related action.

What this means

Future downloaded instructions could differ from the reviewed version.

Why it was flagged

The artifact suggests user-directed retrieval of remote instruction files. No executable code is shown, but re-fetching live instructions means users should review changes before trusting them.

Skill content
curl -s https://api.swarmmarket.io/skill.md > ~/.config/swarmmarket/SKILL.md ... Check for updates: Re-fetch this file anytime to see new features!
Recommendation

Review updated SKILL.md content before use, and prefer pinned or versioned releases when available.