Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Swarm Sprint

v1.0.1

Parallel multi-agent coding sprints using git worktree isolation. Use when running 2+ coding tasks on a repository that touch different parts of the codebase...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto · Can make purchases · Requires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Suspicious (View report →)
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name/description describe parallel multi-agent sprints using git worktrees; the included script runs git worktree, creates branches, generates agent packages, and instructs spawning subagents. No unrelated credentials, binaries, or external services are required — this is proportionate to the stated purpose.
Instruction Scope
SKILL.md and scripts instruct creating/removing worktrees, committing from subagents, and writing sprint logs. This is expected, but the script executes shell/git commands (git worktree add/remove, git branch -D, git worktree prune) and falls back to rm -rf for manual cleanup. Task IDs and repoPath are used to build branch names and filesystem paths: if untrusted task inputs are used, that could lead to unexpected filesystem operations or destructive rm -rf behavior. Also spawning multiple subagents increases the blast radius (many agents having access to repo contents and any network outlet).
Install Mechanism
There is no install spec (instruction-only skill with a shipped script). Nothing is downloaded or installed by the registry metadata — lowest install risk.
Credentials
The skill declares no required environment variables or credentials. The script runs git and shell commands and defaults repoPath to the current working directory; no secret access is requested by the skill itself. However, subagents spawned per the instructions may have access to environment or network depending on your agent platform's configuration — that is an operational concern, not an inconsistency with the skill's declared requirements.
Persistence & Privilege
Declares always:false and makes no attempt to modify other skills or system-wide agent settings. The skill writes swarm-packages.json and a sprint log and creates/deletes git worktrees and branches; these are expected for a coordinator tool and are scoped to the repository/worktree area.
Assessment
This skill appears to do what it says (create isolated git worktrees, generate per-task agent packages, and coordinate merges), but take these precautions before using it on important repositories:
- Review the full, untruncated scripts/swarm.js file before running. The provided copy is truncated in the manifest; any hidden code could change the risk profile.
- Run in --dry-run or --plan-only first to see the planned worktrees and groups without touching disk or branches. Inspect the generated swarm-packages.json before spawning agents.
- Only run on a local clone or a disposable environment (not directly on a production checkout). Prefer a sandbox or CI workspace and ensure you have a backup/clean branch to recover from.
- Validate and sanitize task inputs. The script builds branch names and filesystem paths using task.id and the repo path; a malicious or malformed task id could cause unexpected branch names or file paths. Do not accept tasks from untrusted sources without validation.
- Be cautious about the cleanup fallback: the script attempts rm -rf on worktree paths if git removal fails. Do not run as root, and confirm the computed worktree paths are safe before allowing cleanup to run.
- Consider agent/network privileges: spawning multiple subagents increases the number of processes with access to repository content and any network egress those agents have. Limit agent network and secret access where possible.
- Confirm that the coordinator (human or automated) reviews diffs before merge; the skill's safety relies on that step. Use git push/policy controls rather than allowing automated pushes from worker environments.
If you need higher assurance, ask the publisher for the full, untruncated script and a short security note describing path sanitization and any safety checks they perform.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
scripts/swarm.js:38 — Shell command execution detected (child_process).


Version tag: latest · vk97c3gga2at42w7wtwp6hcxacd84daff
