Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Swarm Layer
v0.3.3OpenClaw Swarm Layer: spec-driven workflow orchestration with ACP-first execution, legacy bridge-backed subagent opt-in, persistent sessions, review gates, a...
⭐ 0· 123·0 current·0 all-time
byJerry@xucheng
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The SKILL.md behavior (spec-driven planning, session management, review gates, reports to local disk/Obsidian, optional legacy subagent) aligns with the named purpose. However the registry entry contains no homepage/source metadata while the README instructs installing an external npm package or GitHub repo, which is an important implementation detail not recorded in the registry.
Instruction Scope
Instructions instruct the operator to clone/ npm-install external code, enable a 'bridge' that references system paths (e.g., $(which node), $(npm root -g)/openclaw), and write reports to local disk/Obsidian. Those steps go beyond pure in-agent guidance: they cause code to be fetched and executed on the host and access local filesystem paths. While coherent with the skill's goals, they expand the agent's runtime surface and implicitly permit execution of third-party code.
Install Mechanism
The registry contains no install spec, but SKILL.md directs installs from npm or GitHub (npm install openclaw-swarm-layer, git clone https://github.com/xucheng/openclaw-swarm-layer). Installing from those sources will install and run third-party code — typical for plugins but higher risk when the package/repo and publisher are not verified in registry metadata and no pinned versions/checksums are provided.
Credentials
No credentials or environment variables are declared or required, which is appropriate. However the configuration examples reference local filesystem locations (obsidianRoot, openclawRoot), global npm root, and set defaultAgentId/allowedAgents (e.g., 'codex'), which enable filesystem writes and execution contexts. Those are reasonable for this plugin but should be considered sensitive (they permit local code execution and persistent storage).
Persistence & Privilege
always:false and default autonomous invocation are normal. The skill does ask operators to install a plugin into the host OpenClaw installation and optionally enable a legacy subagent bridge — this creates ongoing system presence (a plugin + possible child processes) but does not display an explicit attempt to alter other skills or global agent policies in the documentation. Still, enabling the bridge/subagent increases the blast radius because it spawns external node processes.
What to consider before installing
This skill's functionality and the SKILL.md are coherent, but it relies on installing third-party code from npm/GitHub and optionally enabling a bridge that runs local Node subagents and writes reports to your disk/Obsidian. Before installing: (1) verify the npm package and GitHub repo owner and inspect the code (or pin a specific release); (2) prefer installing in a sandbox or container to limit host impact; (3) do not enable the legacy subagent/bridge until you review what it executes and why it needs global npm root/node paths; (4) restrict allowedAgents/defaultAgentId in config to only trusted agent identities; (5) back up any Obsidian vault or directories you point at and confirm the plugin will not exfiltrate data. If you need higher assurance, request the plugin source archive and a checksum or ask the publisher for a security review/maintainer identity.Like a lobster shell, security has layers — review code before you run it.
harnessvk97fcgenh3zsv34eaywfdq39g583q25tlatestvk97frk015mdmyvarz00jsrz1e583wxc3openclawvk97frk015mdmyvarz00jsrz1e583wxc3orchestrationvk97fcgenh3zsv34eaywfdq39g583q25tswarmvk97frk015mdmyvarz00jsrz1e583wxc3workflowvk97frk015mdmyvarz00jsrz1e583wxc3
License
MIT-0
Free to use, modify, and redistribute. No attribution required.