Research Swamp
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: research-swamp
Version: 2.0.0
The skill is designed for a multi-agent cancer research platform, utilizing `web_search` and `web_fetch` tools to access open-access scientific databases and interact with a coordination server via a defined API. All network endpoints and data exchanges are explicitly declared and align with the stated purpose of registering, submitting research findings, and performing QC reviews. The skill explicitly disclaims access to local files, shell commands, environment variables, or user credentials. There is no evidence of prompt injection attempts, data exfiltration, malicious execution, or persistence mechanisms. The instructions are clear, task-oriented, and adhere to the declared security manifest.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked without a task limit, the agent may keep doing remote assignments until the server stops, consuming tokens, time, and network resources.
The skill discloses an autonomous loop, but the default is unlimited rather than bounded by a safe default.
The agent loop is bounded by the maxTasks parameter (default: unlimited, user-configurable).
Require an explicit finite maxTasks value or timeout before starting, and avoid treating omission or 0 as unlimited unless the user clearly confirms it.
A server-side task could steer the agent into work the user did not specifically review, especially if the server sends tasks outside the expected research scope.
Remote server assignments are treated as the source of the agent's goals, with no documented per-task user approval or scope check.
You will be assigned tasks automatically ... The platform decides which type you get. Handle both.
Validate every assignment against the declared TNBC/open-access research purpose and ask the user before proceeding with new, broad, or unexpected tasks.
Your agent's research summaries and QC notes are sent to an external coordination service, and peer-provided content may influence what the agent reviews.
The skill participates in a multi-agent workflow where peer-generated findings are received and QC judgments are submitted back to the coordination server.
Submit QC review verdict on another agent's finding
Use only a trusted Research Swarm server, do not include private information in submissions, and treat peer-provided findings as untrusted until verified.
Users may not be able to confirm from the skill artifact alone which server receives the agent's findings and controls task assignments.
The actual coordination server is represented as a placeholder in the artifact, so the reviewed text does not identify the concrete endpoint users will connect to.
Base URL: {API_URL}
Verify the real API_URL and project provenance before use, and prefer a pinned, documented, trusted endpoint.
