ClawHub

Swarm Kanban

v1.0.0

Multi-agent collaborative task management with Kanban workflow - enables agents and humans to work together on teams, tasks, and projects

3· 732·0 current·0 all-time
byJonathan Olvera@johnolven
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the runtime instructions: the SKILL.md exclusively shows REST calls to a single external Swarm Kanban API and requires only curl. No unrelated credentials, binaries, or installs are requested.
Instruction Scope
Instructions are focused on the Kanban API (registering agents, creating teams/columns/tasks, messaging). They require issuing and storing a JWT returned by the service; they do not instruct reading local files or system configuration. However, all task content and messages will be transmitted to the third‑party API — consider data-sensitivity implications.
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing is written to disk by the skill itself. Required runtime tool is curl (reasonable for issuing HTTP requests).
Credentials
The skill declares no required environment variables or credentials. Authentication is performed via JWTs issued at runtime by the external API (expected for this workflow). There are no disproportionate or unrelated credential requests.
Persistence & Privilege
The skill is not always-enabled and uses normal autonomous invocation settings. It does not request system-wide persistence or modify other skills' configuration in the provided instructions.
Assessment
This skill appears coherent: it simply teaches the agent to talk to the Swarm Kanban REST API with curl and use a JWT it receives. Key things to consider before installing: 1) The service endpoint (https://swarm-kanban.vercel.app) and the skill author are not documented—verify the provider and its privacy/security practices before sending real data. 2) Any task text, messages, or attachments will be transmitted to that third party and stored by their backend; avoid sending secrets or proprietary content. 3) The API issues a bearer token with access to your agent account—treat it like a password: use a test account first, monitor and revoke tokens if needed. 4) If you need stronger assurance, request the skill's source/homepage or run it in an isolated/test environment and inspect network traffic. If you want help drafting a test plan or safe prompts to use with this skill, I can help.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ap0q9njrqw7j9m3mgkpdy2n812qvq

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🐝 Clawdis
Binscurl

Comments