Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Grok Swarm

v1.0.9

Refactors code using Grok 4.20 multi-agent swarm to improve readability, maintain behavior, add modern patterns, and explain changes.

by Billy Brenner @khaentertainment
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
[!] Purpose & Capability
The code and SKILL.md align with the described purpose (bridge to Grok 4.20 for analysis/refactor/write). However the package metadata lists no required env vars while the SKILL.md and grok_bridge.py clearly require an OpenRouter API key. grok_bridge.get_api_key also attempts to read several OpenClaw auth-profiles.json paths to locate credentials — this is more expansive than the SKILL.md explains and may access unrelated stored auth profiles.
[!] Instruction Scope
SKILL.md instructs the user to set OPENROUTER_API_KEY or a config file and describes file-writing features. The implementation goes beyond that: the CLI supports an --execute option that runs an arbitrary shell command (subprocess.run with shell=True), and the bridge will read local OpenClaw auth files to find keys. File-writing functions attempt to validate paths (good) but the tool can write files to disk (and the installer copies into ~/.openclaw). These behaviors are within the realm of a refactoring bridge but are not fully documented in the metadata and increase risk.
Install Mechanism
No registry install spec is provided (instruction-only), but the repository includes an install.sh that copies files into ~/.openclaw, creates a venv, and pip-installs openai. The script must be run manually, but it performs filesystem writes and package installs. This is expected for a plugin installer, but you should inspect and run it only in a controlled context.
[!] Credentials
Metadata declares no required env vars though SKILL.md and code require OPENROUTER_API_KEY (or config file). The bridge also attempts to read multiple OpenClaw auth profile files to locate keys—this scope of credential access is broader than advertised. There are also optional integrations (Morph/Claude MCP) that rely on local CLI tools (claude mcp) called via subprocess. Requiring/reading secrets from multiple local config places without declaring them is disproportionate.
Persistence & Privilege
always:false (good). The skill does not request permanent platform-wide privileges in the manifest. However, it includes facilities that can modify disk (write code files), run external CLI tools, and execute arbitrary shell commands via --execute. If an agent invokes the skill autonomously, those capabilities increase the blast radius—consider limiting autonomous invocation or restricting allowed command usage.
What to consider before installing
- Expect to provide an OpenRouter API key (OPENROUTER_API_KEY) or add it to ~/.config/grok-swarm/config.json; note the registry metadata did not declare this requirement—check before installing.
- The bridge will search several OpenClaw auth-profiles.json locations for keys. If you store other credentials there, be aware the skill will read those files while searching for a key—inspect grok_bridge.get_api_key if this concerns you.
- The CLI supports writing files to disk (with a dry-run default) and has an --execute option that runs arbitrary shell commands (subprocess.run with shell=True). Avoid enabling --execute or --apply unless you trust the returned content and run in a sandbox.
- The included install.sh will copy files into ~/.openclaw and create a Python venv and pip-install packages; review the script and run it manually in a controlled environment (or container) rather than blindly executing.
- If you plan to enable this skill for autonomous agents, restrict its permissions (limit output-dir, do not expose sensitive config directories) or require manual invocation. Review the code (grok_bridge.py, cli.py) yourself, and consider running initial tests in an isolated VM/container.
- If you need higher assurance, request the publisher/source (none provided) or a signed release hosted on a known release host; absence of a homepage/source is an additional trust gap.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
bridge/index.js:153: Shell command execution detected (child_process).
