openclaw skill for swarms ai
WarnAudited by ClawScan on May 10, 2026.
Overview
The skill is mostly coherent Swarms API documentation, but it includes high-impact Solana wallet private-key workflows that are under-declared and need careful review before use.
Review this skill carefully before using payment or token-launch features. The ordinary Swarms API examples are expected, but do not provide a main Solana wallet private key; use a low-balance burner wallet, verify endpoints, and set strict limits for autonomous swarms and MCP tools.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using a main wallet key here could expose funds or allow irreversible token/financial actions if the endpoint, code, or operator is not trusted.
The skill instructs users to send a Solana wallet private key to an external token-launch endpoint. A wallet private key grants full control over funds in that wallet, and the registry metadata declares no primary credential.
"private_key": "[1,2,3,...]" # Solana wallet private key ... "https://swarms.world/api/token/launch"
Only use a dedicated low-balance wallet, verify the Swarms endpoint independently, review all costs and transactions, and avoid providing any wallet key that controls important assets.
A service receiving this header may be able to control the wallet, not just collect a limited payment.
The ATP payment flow documents sending a wallet private key in a request header. That is a high-impact credential exposure pattern even though it is disclosed as part of the payment protocol.
Client sends request with wallet private key in header ... wallet_private_key_header="x-wallet-private-key"
Prefer protocols that sign transactions locally or use scoped payment authorization; if this workflow is unavoidable, use a separate low-balance wallet and trusted endpoints only.
A loosely configured swarm could spawn work beyond what the user intended or create unexpected provider costs.
The skill documents autonomous sub-agent delegation and a fire-and-forget mode. This is aligned with multi-agent orchestration but can continue work or incur costs if not bounded.
`max_loops`: `"auto"` (enables autonomous agent loop) ... `selected_tools`: `"all"` ... `wait_for_completion: false` — fire-and-forget
Set explicit loop limits, avoid `selected_tools: "all"` unless needed, and avoid fire-and-forget mode for sensitive or costly tasks.
Prompts, tasks, or bearer tokens could be shared with an MCP server the user configures.
The skill supports connecting agents to arbitrary MCP servers with authorization headers. This is a normal integration pattern, but it expands trust and data boundaries.
"mcp_config": { "url": "https://your-mcp-server.com", "headers": {"Authorization": "Bearer ..."} }Connect only to trusted MCP servers, use scoped tokens, and avoid sending sensitive tasks or credentials to unverified endpoints.
Installing the wrong or compromised package could affect the local Python environment.
The skill recommends installing an external SDK without a pinned version. This is user-directed and expected for an API integration, but users should verify the package source.
**Python SDK:** `pip install swarms-client`
Verify the package name and publisher, consider pinning a known-good version, and install in a virtual environment.