SWARM Safety
v1.5.0
SWARM: System-Wide Assessment of Risk in Multi-agent systems. 38 agent types, 29 governance levers, 55 scenarios. Study emergent risks, phase transitions, and governance cost paradoxes.
by @rsavitt
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description (multi-agent safety simulation) align with the provided instructions and metadata: it documents agent types, scenarios, governance levers, and CLI/API usage. Nothing requested (no env vars, no unusual binaries) is disproportionate to a simulation/testing framework.
Instruction Scope
SKILL.md stays on-topic: it explains installation (pip/git), local API startup (uvicorn binding to 127.0.0.1), CLI usage, and curl-based local endpoints. It explicitly warns not to expose the dev API and not to submit real API keys/PII. It does not instruct reading unrelated system files or exfiltrating data.
Install Mechanism
Install instructions use pip and an upstream GitHub repository — standard, low-to-moderate risk for Python packages. No arbitrary binary downloads, no URL shorteners or personal IP-hosted archives are used in the instructions.
Credentials
The skill declares no required environment variables, credentials, or config paths. The SKILL.md notes the API will return agent api_keys when run locally (expected behavior for a simulation server) but does not request unrelated secrets.
Persistence & Privilege
No 'always' flag; default autonomous invocation is allowed (normal). The skill is instruction-only and does not request persistent or elevated system privileges or modify other skills' configurations.
Assessment
This appears coherent for a local simulation framework, but follow standard precautions before installing or running: (1) run pip installs in an isolated virtualenv or container; (2) review the package source on the referenced GitHub repo before installing, especially if you plan to use extras like [llm] or [api]; (3) keep the API bound to localhost and behind firewalls — do not bind to 0.0.0.0 on untrusted networks; (4) never submit real API keys, credentials, or PII to scenarios; and (5) be aware that installing Python packages can execute install scripts, so inspect setup metadata if you require a higher assurance level.
Like a lobster shell, security has layers — review code before you run it.
