SwarmRecall Learnings
ReviewAudited by ClawScan on May 10, 2026.
Overview
This skill matches its stated learning-log purpose, but it can automatically send failed command output to a third-party persistent memory service and reuse or share those learnings later.
Install only if you are comfortable with error logs and learning records being sent to SwarmRecall. Ask the agent to confirm before logging command output, avoid using it on tasks that may expose secrets or personal data, and be careful with shared pools and automatic promotion or archiving of learnings.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private command output or error details could be stored on SwarmRecall servers and later retrieved as agent memory.
This directs the agent to upload failed command output to a remote persistent learning store; such output can include secrets, personal data, or private project details, and the instruction does not require a per-log preview or redaction step.
On error: call `POST /api/v1/learnings` ... with ... `the command/output that failed`.
Require explicit user approval or a preview before logging command output, redact secrets by default, and document retention and deletion controls.
If pool sharing is used, learnings may be visible to other pool members and their learnings may influence this agent.
Shared-pool learnings are disclosed and access-controlled in the description, but they can expose or import memories across agents or pool members.
When `poolId` is provided, the learning is shared with all pool members... Search ... and list ... results automatically include data from pools the agent belongs to.
Use shared pools only for non-sensitive information, clearly label pooled results, and require user approval before writing to a shared pool.
Installing or using the skill may create a SwarmRecall agent identity and API key tied to stored learning data.
The skill can create and use a service credential for SwarmRecall. This is expected for the integration and it warns not to write the key to disk without consent.
If `SWARMRECALL_API_KEY` is not set, self-register... The response returns `{ "apiKey": "...", "claimToken": "..." }`. Save the `apiKey` to the `SWARMRECALL_API_KEY` environment variable...Confirm the user wants registration before self-registering, keep the API key in environment storage only, and rotate or revoke it if no longer needed.
Incorrect learnings could become durable guidance that affects future sessions, and useful original records could be archived.
Bad, outdated, or poisoned learnings could be promoted into persistent best-practice records and older records archived. The dreaming workflow does not clearly restate user approval, rollback, or audit requirements.
During a dream cycle, the agent reads each candidate, synthesizes a best-practice learning, and creates it... can ... archive individual learnings...
Require user approval before promotion or archiving, keep an audit trail, and provide a simple way to revert promoted or archived learnings.