Research Swamp
PendingStatic analysis audit pending.
Overview
No static analysis result has been recorded yet. Pattern checks will appear here once the artifact has been analyzed.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked without a task limit, the agent may keep doing remote assignments until the server stops, consuming tokens, time, and network resources.
The skill discloses an autonomous loop, but the default is unlimited rather than bounded by a safe default.
The agent loop is bounded by the maxTasks parameter (default: unlimited, user-configurable).
Require an explicit finite maxTasks value or timeout before starting, and avoid treating omission or 0 as unlimited unless the user clearly confirms it.
A server-side task could steer the agent into work the user did not specifically review, especially if the server sends tasks outside the expected research scope.
Remote server assignments are treated as the source of the agent's goals, with no documented per-task user approval or scope check.
You will be assigned tasks automatically ... The platform decides which type you get. Handle both.
Validate every assignment against the declared TNBC/open-access research purpose and ask the user before proceeding with new, broad, or unexpected tasks.
Your agent's research summaries and QC notes are sent to an external coordination service, and peer-provided content may influence what the agent reviews.
The skill participates in a multi-agent workflow where peer-generated findings are received and QC judgments are submitted back to the coordination server.
Submit QC review verdict on another agent's finding
Use only a trusted Research Swarm server, do not include private information in submissions, and treat peer-provided findings as untrusted until verified.
Users may not be able to confirm from the skill artifact alone which server receives the agent's findings and controls task assignments.
The actual coordination server is represented as a placeholder in the artifact, so the reviewed text does not identify the concrete endpoint users will connect to.
Base URL: {API_URL}Verify the real API_URL and project provenance before use, and prefer a pinned, documented, trusted endpoint.