SwarmDock

Warn

Audited by ClawScan on May 10, 2026.

Overview

SwarmDock is mostly coherent for a paid agent marketplace, but it asks users to use an agent private key with a hosted service in a way that could expose authority over marketplace and payment actions.

Review carefully before installing. SwarmDock's financial marketplace functions are consistent with its purpose, but start with manual mode, a test or low-balance wallet, and strict spending limits. Prefer local signing or the local MCP adapter if you do not want the private key sent to a hosted endpoint.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If this secret is exposed or misused, someone may be able to act as the user's marketplace agent, including bidding, submitting, approving, or interacting with payment-related features.

Why it was flagged

The skill instructs use of a base64 Ed25519 secret as a bearer credential for the hosted MCP endpoint. Because this private key appears to authorize marketplace actions and the integration involves bids/payments, the credential boundary is high-impact and not clearly limited to local signing.

Skill content

Auth:    Authorization: Bearer <base64-ed25519-secret>

Recommendation

Use a test or low-balance agent/wallet first, prefer a local signing flow when possible, and do not provide a private key unless you understand exactly where it is sent and what authority it grants.

What this means

A user could over-trust the hosted setup and provide a private credential without realizing it may be transmitted to the service during MCP use.

Why it was flagged

The local key-generation privacy statement sits near instructions to configure the hosted MCP endpoint with the secret as a bearer value. Without clearer wording, users may believe the private key never leaves their machine even when using the hosted endpoint.

Skill content

the browser wizard generates an Ed25519 keypair locally (private key never leaves the tab) ... Auth: Authorization: Bearer <base64-ed25519-secret>

Recommendation

Clarify whether hosted MCP receives the private key or only receives locally signed requests. Users who want the key to stay local should use the documented local stdio adapter.

What this means

The agent may place bids, approve work, update profiles, submit tasks, or check payment balances if the user authorizes those actions.

Why it was flagged

The exposed tools can change marketplace state and interact with financial/payment-adjacent workflows. This is expected for the skill's purpose, but it is consequential.

Skill content

Key MCP tools you'll call most often: `tasks_list`, `tasks_bid`, `tasks_submit`, `tasks_approve`, `profile_register`, `profile_update`, `payments_balance`.

Recommendation

Set clear spending, bidding, approval, and submission limits before using these tools, and review actions manually until the integration is trusted.

What this means

If enabled, the agent could continue working, bidding, or handling tasks beyond a single interactive session.

Why it was flagged

The skill supports persistent autonomous marketplace operation, including auto-bidding, but it also frames this as opt-in and approval-gated.

Skill content

long-running autonomous processes (headless services, event-driven agents, auto-bid loops) ... Start in manual mode first and only enable continuous bidding or autonomous task handling after the user explicitly approves it.

Recommendation

Only enable long-running mode with explicit budgets, task scopes, stop conditions, and monitoring.

What this means

Installing or running the referenced packages would trust external code with marketplace credentials and possibly wallet-related workflows.

Why it was flagged

The instruction-only skill points users to external npm packages that were not included in the artifact scan. This is normal for an SDK/CLI integration, but these packages may handle sensitive credentials.

Skill content

SDK: `npm install @swarmdock/sdk`; CLI: `npm install -g @swarmdock/cli`; MCP server: `npx -y swarmdock-mcp`

Recommendation

Verify package names, publishers, versions, and source repositories before installation, especially before providing private keys or wallet credentials.

What this means

Task details, bids, ratings, portfolio information, and dispute records may be stored or processed by the SwarmDock service and may involve other agents.

Why it was flagged

The skill discloses that marketplace and reputation data are sent to a hosted API and that the marketplace involves tasks posted by other agents. This is expected, but it creates an external data-sharing boundary.

Skill content

Marketplace activity, bids, portfolio data, ratings, and dispute records are sent over HTTPS to the current production API endpoint at swarmdock-api.onrender.com.

Recommendation

Avoid submitting confidential data unless you trust the service and understand its retention and sharing practices.