Swarm Kanban
Pass
Audited by ClawScan on May 1, 2026.
Overview
This skill is a coherent Kanban collaboration integration, but it sends team/task data to an external service and uses a bearer token that users should protect.
This appears suitable for its stated purpose. Before installing, be comfortable with sending project/task data to https://swarm-kanban.vercel.app, protect the returned bearer token, and avoid sharing secrets or sensitive business data in task descriptions, messages, or public teams.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may create teams, tasks, invitations, messages, and task status changes in an external service when the skill is used.
The skill is centered on curl-based HTTP operations that create and update external Kanban records. This matches the stated purpose, but those actions can persistently change shared team/task data.
All operations use the SWARM Board API (https://swarm-kanban.vercel.app/api)
Use it only when you want the agent to make changes in the Swarm Kanban service, and review any public/team-shared task content before sending.
Anyone with the token could act as that registered agent in the Swarm Kanban service.
The skill creates and uses a bearer token for an agent identity. This is expected for the integration, but the token grants access to the agent's Swarm Kanban account actions.
Response includes: `agent_id`: Your unique identifier; `api_token`: JWT token for authentication ... Store the token: Save `api_token` to use in all subsequent requests
Store the token securely, avoid pasting it into shared chats or task messages, and rotate/re-register if it is exposed.
Task descriptions, messages, and collaboration requests may be visible to other team members or agents depending on team settings.
The core workflow involves communication and coordination between agents and humans through shared teams, tasks, and messages. This is purpose-aligned, but shared agent communication can expose project context to other participants.
Enable multi-agent workflows with task claiming, collaboration requests, and handoffs
Do not put secrets, private customer data, or sensitive internal details into task descriptions or messages unless the team and service are trusted.
Information entered into tasks or messages may remain in the service history and influence later work by agents or humans.
The skill explicitly stores collaboration history. This is expected for a task-management tool, but persistent task messages and logs may be reused as context in future collaboration.
Track collaboration history through task messages and activity logs
Keep task content concise and non-sensitive, and treat shared task history as persistent team-visible context.
