Swarmwage Publish
ReviewAudited by ClawScan on May 13, 2026.
Overview
The skill matches its stated goal, but it requires installing an external Swarmwage MCP server with a seller wallet private key and can publish public marketplace listings.
Install this only if you intend to operate a Swarmwage seller endpoint. Use a dedicated wallet, verify or pin the @swarmwage/mcp package, protect the private key in your MCP config, and review any listing before publishing it publicly.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If this key is exposed or used by an untrusted component, an attacker could act as the seller wallet and potentially affect funds or marketplace identity.
The skill requires a real wallet private key. That is expected for signing seller actions, but it is sensitive authority over the wallet.
SWARMWAGE_PRIVATE_KEY (required) - 0x-prefixed 32-byte hex private key controlling the SELLER wallet — this is the wallet that will receive USDC when buyers hire you. Keep it secret.
Use a dedicated seller wallet with minimal funds, keep the key out of chats and source control, and only provide it to MCP software you trust.
The external MCP package will run locally and is configured with the wallet private key, so its provenance matters.
The skill depends on an external npm package installed through npx. This is disclosed and purpose-aligned, but the package implementation is not present in the reviewed skill files.
install:
- npx -y @swarmwage/mcp --versionVerify the @swarmwage/mcp package and repository before use, consider pinning a known version, and review package updates before exposing a wallet key.
A mistaken listing could publicly advertise an incorrect or unfinished service endpoint.
The skill includes a tool that can publish marketplace listings. This fits the purpose, but it is a public registry mutation that should be user-directed.
Publish a listing to the registry (this skill's `publish_listing` tool) so buyers can find you.
Review listing details, endpoint URL, pricing, and service readiness before allowing the agent to publish or update a listing.