Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

GLM Swarm

v1.1.1

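Lightweight model parallel harness. Use only when swarm/parallel processing is explicitly requested, or when a compound task (3+ tool calls, 2+ independent subtasks) is detected under the AGENTS.md harness rules. Never use for simple Q&A, translation, summarization, or single tool calls.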

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description (lightweight parallel model harness) match the included instructions and files: a planner initializes /tmp/swarm, workers use context packets and a shared scratchpad, and results are aggregated. No unrelated credentials, binaries, or external services are requested.
Instruction Scope
Runtime instructions require creating and manipulating /tmp/swarm, spawning subagents (sessions_spawn) and writing/reading worker files. The included cleanup.sh takes an arbitrary task-id and does rm -rf ${SWARM_BASE}/${1} without sanitization — a malicious or malformed task-id could enable path traversal and deletion outside /tmp/swarm. The SKILL.md forbids accessing ~/.secrets and system memory files, but those are only advisory and not enforced by the scripts.
Install Mechanism
No install spec; scripts are bundled in the skill and nothing is downloaded or executed from external URLs. This is low-risk from an installation code-fetch perspective.
Credentials
The skill requests no environment variables, no credentials, and no config paths. Its resource access (temporary /tmp directories and a 'memory/...' result path) is proportionate to a local orchestration tool.
Persistence & Privilege
always:false and no special OS restrictions. The skill can be invoked autonomously (disable-model-invocation:false) and spawns subagents; autonomous invocation combined with the unsafe cleanup behavior raises the blast radius if an agent were to pass untrusted input. This is not automatically malicious but worth caution.
What to consider before installing
This skill appears to implement the advertised swarm orchestration, but review and harden the included scripts before use. Specific recommendations:
1) Do not run cleanup.sh or planner.sh as root; test in an isolated container or ephemeral VM.
2) Add input validation/sanitization to planner.sh and cleanup.sh to reject ../ or absolute paths (or restrict TASK_ID to a safe whitelist/regex).
3) Prefer generating task IDs server-side (by the planner) rather than accepting arbitrary user-provided IDs.
4) Confirm your platform enforces the SKILL.md prohibitions (workers must not be able to access ~/.secrets or edit MEMORY.md).
5) If you allow autonomous agent invocation, limit its scope or monitor runs until you are confident the sanitization and access controls are correct.

Like a lobster shell, security has layers — review code before you run it.
