Skill v1.1.0

ClawScan security

S2-SWM Swarm Sync Protocol (Swarm Synchronization and Right-of-Way Negotiation Engine) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 6, 2026, 1:26 AM
Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill's requested resources and included files are coherent with a swarm right-of-way / PKI-authentication purpose, but the implementation is simplistic and the source is unknown, so review and testing are recommended before deploying to real robots.
Guidance
This skill appears to do what it claims: authenticate peer broadcasts and decide right-of-way. Before installing or using it on real hardware:
1) Audit handler.py to confirm that signature verification relies on a proper PKI/crypto library rather than the placeholder string check currently present (the code accepts only the literal "VALID_S2_FLEET_SIG").
2) Keep S2_SWARM_PKI_ROOT secret and verify its format and contents; do not populate it with real production PKI material before code review.
3) Confirm how the platform interprets the manifest network permission (p2p_mesh/localhost) and ensure it cannot reach unexpected networks.
4) Test thoroughly in a safe, simulated environment (no live actuators) to confirm arbitration behavior and failure modes.
5) Prefer a vetted upstream source/homepage or author verification, since the package source is unknown.
If you cannot review the code, do not deploy it to physical robots or critical systems.

Review Dimensions

Purpose & Capability
ok: Name/description ask for cryptographic authentication and right-of-way arbitration, and the skill only requests a single PKI root env var (S2_SWARM_PKI_ROOT); the included code and manifest implement signature checking, overlap detection, federated-tensor acceptance, and arbitration logic that match the stated purpose.
Instruction Scope
ok: SKILL.md instructs the agent to pass peer broadcasts to the execute_swarm_sync tool and to act only on authenticated responses. It does not ask the agent to read unrelated files, exfiltrate data, or perform broad system discovery.
Install Mechanism
note: No install spec (instruction-only) reduces supply-chain risk. However, a handler.py and openclaw.plugin.json are present (native-code plugin runtime: python3). There are no external download URLs or archive extraction steps.
Credentials
note: Only one env var (S2_SWARM_PKI_ROOT) is required, which is appropriate for verifying peer signatures. That variable likely holds sensitive cryptographic material and should be protected. The plugin manifest also requests network permissions (p2p_mesh, localhost), which are plausible for a swarm protocol but worth auditing.
Persistence & Privilege
ok: always:false and default autonomous invocation are used (normal). The skill does not request elevated persistent system-wide configuration changes. The network permission in the manifest is expected for P2P swarm use but expands runtime scope; review network policy mappings.