ClawHub

SWARM Safety

v1.7.1

SWARM: System-Wide Assessment of Risk in Multi-agent systems. 38 agent types, 29 governance levers, 55 scenarios. Study emergent risks, phase transitions, an...

0· 412·0 current·1 all-time
by@rsavitt
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (multi-agent safety research) align with the instructions (pip-installable Python package, simulation API, CLI). The skill does not request unrelated resources (no cloud creds, no unusual binaries).
Instruction Scope
SKILL.md focuses on running local simulations, CLI usage, and a localhost-only API. It explicitly warns not to expose the dev API, not to include real credentials/PII in scenarios, and treats results as research artifacts. The instructions do not direct the agent to read unrelated system files or exfiltrate data.
Install Mechanism
No install spec in registry (instruction-only). SKILL.md recommends standard pip installs or cloning the GitHub repo — common, well-understood install methods with no opaque download URLs.
Credentials
The skill declares no required environment variables, credentials, or config paths. The SKILL.md does show that agent registration returns an api_key for local API use — appropriate and proportional to the stated API functionality.
Persistence & Privilege
always is false and the skill is user-invocable. The SKILL.md says storage is in-memory by default and warns about production deployment changes; it does not request permanent agent-level privileges or modify other skills.
Assessment
This skill appears coherent with its stated purpose, but standard caution is advised: (1) confirm the PyPI package name and the GitHub repo (https://github.com/swarm-ai-safety/swarm) match what you expect before installing; (2) install in a virtual environment or sandbox; (3) do not bind the API to 0.0.0.0 or expose it to untrusted networks; (4) do not include real API keys, passwords, or PII in scenario YAMLs; (5) if you need higher assurance, review the package source on GitHub or the PyPI release contents and checksums before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk972cbxmec0xsw9n1fqa70frqn81q94w

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments