ClawHub

SwarmRecall Pools

v1.1.0

Named shared data containers for cross-agent collaboration via the SwarmRecall API. Manage shared pools that let multiple agents contribute to and query from...

0· 64·0 current·0 all-time
byWayde@waydelyle
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description and required credential align: the skill talks to the SwarmRecall API and only asks for SWARMRECALL_API_KEY (primaryEnv), which is appropriate for an API-based shared-data service.
Instruction Scope
SKILL.md instructs the agent to use SWARMRECALL_API_KEY or self-register by POSTing to the service and then 'save the apiKey to the SWARMRECALL_API_KEY environment variable'. It also references an override env var (SWARMRECALL_API_URL) that is not declared in requires.env. The instructions explicitly warn to get user consent before storing personal data to pools, which is good, but the guidance to set an env var at runtime (and not write to disk) may not be implementable or enforceable by the agent runtime and could be a source of confusion.
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing is downloaded or written to disk by an installer, which minimizes install-time risk.
Credentials
Only a single API key (SWARMRECALL_API_KEY) is required and declared as primaryEnv; this is proportionate to the stated purpose. The SKILL.md does mention an optional SWARMRECALL_API_URL but that env var wasn't declared in the registry metadata.
Persistence & Privilege
always:false and no unusual privileges requested. However, the agent is allowed to invoke the skill autonomously (default), and the skill enables writing user data to an external shared service — so ensure you trust the service before permitting autonomous agents to store or share data without additional user approval.
Assessment
This skill is coherent with its described purpose, but review these points before installing: (1) Treat SWARMRECALL_API_KEY as a secret — only provide it if you trust swarmrecall.ai; (2) The skill will send pool data to an external server (swarmrecall-api.onrender.com), so do not allow the agent to store personal or sensitive information in pools without explicit user consent; (3) The SKILL.md references an override env var (SWARMRECALL_API_URL) that isn't declared — verify endpoints and provenance of the service (confirm the official API domain and privacy policy) before enabling; (4) Because the agent can call the API autonomously, consider restricting autonomous actions or requiring explicit user approval when the agent attempts to share data to a pool.

Like a lobster shell, security has layers — review code before you run it.

latestvk9784t1yfd6qy6vm5p54s6t6xs846jyj

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🤝 Clawdis
EnvSWARMRECALL_API_KEY
Primary envSWARMRECALL_API_KEY

Comments