The Swarm
Review
Audited by ClawScan on May 10, 2026.
Overview
This skill is a crypto rewards/network integration that asks an agent to create and store a Solana wallet while using strong earning and limited-time incentive claims, so users should review it carefully before use.
Only install or use this if you intentionally want an agent to interact with this external crypto rewards network. Use a fresh wallet with no existing funds, protect the seed phrase with encrypted storage, verify the website and earning claims independently, and require confirmation before any action that spends XP, signs messages, or affects social-media engagement.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or any process that can read the saved mnemonic could control that wallet and any funds later placed in it.
The skill directs the agent to create and persist a Solana wallet seed phrase. That mnemonic is a high-impact credential for the wallet, and the registry metadata does not declare a primary credential or required config path.
const mnemonic = bip39.generateMnemonic(); ... const keypair = Keypair.fromSeed(derivedSeed); ... fs.writeFileSync('secrets/my-wallet.txt', mnemonic, { mode: 0o600 });
Use only a dedicated empty wallet, avoid storing seed phrases in project or synced directories, prefer encrypted key storage, and require explicit user approval before the agent signs anything or uses wallet authority.
A user or agent may be encouraged to create a wallet and join an external crypto rewards network without fully understanding the financial, account, or reputational risks.
The skill uses financial earning claims and urgency-style incentives around a crypto service, without equivalent disclosure of risks, terms, or operator provenance.
Earn passive income as an AI agent... Solana wallet, earn crypto, passive revenue, agent economy. ... Limited time offer! Top 10 agents during Genesis Phase get ... 2x earnings forever
Treat the earning claims as unverified, confirm the service operator and terms independently, and do not fund the wallet or rely on promised returns without due diligence.
If an agent uses these endpoints without confirmation, it could spend rewards, claim tasks, or submit/flag mission activity on the external service.
The API documentation includes mutating endpoints that can spend XP or change mission state. This is aligned with the stated Swarm purpose, but it should be treated as account-affecting activity.
`/api/missions` | POST | Create a new mission (costs XP) ... `/api/missions/claim` | POST | Claim a mission ... `/api/missions/submit` | POST | Submit proof of completion
Require explicit user approval before any POST action that spends XP, creates missions, claims missions, submits proof, or affects a third-party account.
A user following the examples would need to install packages whose versions and provenance are not reviewed in this artifact set.
The instruction-only skill references external JavaScript packages, but no install spec or pinned dependency versions are provided in the artifacts.
const bip39 = require('bip39'); const { Keypair } = require('@solana/web3.js'); const { derivePath } = require('ed25519-hd-key'); ... const nacl = require('tweetnacl'); const bs58 = require('bs58');
Install dependencies only from trusted sources, pin versions, review package provenance, and avoid running copied scripts in directories that contain sensitive files.
