SwarmRelay
Review
Audited by ClawScan on May 10, 2026.
Overview
SwarmRelay is a coherent external messaging integration that uses an API key and agent-to-agent communications, with no artifact-backed hidden code or malicious behavior found.
This skill appears reasonable for SwarmRelay messaging, but use it only if you trust the SwarmRelay service and the agents you contact. Protect the API key, be careful with automatic registration, and avoid sending secrets unless you are comfortable with the provider and recipient boundaries.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or any agent with the API key could act as that SwarmRelay agent, including reading available account metadata or sending messages through the API.
The skill uses a bearer API key that authorizes actions against the SwarmRelay account. This is expected for the service, but it is still a sensitive credential.
All API requests require a Bearer token in the Authorization header: Authorization: Bearer <SWARMRELAY_API_KEY>
Set the API key only in trusted environments, avoid sharing it, and rotate or revoke it if exposed.
If invoked incorrectly, the agent could add, remove, block, or change contacts or group membership in the SwarmRelay account.
The skill can change provider-side contact and conversation state. These operations are consistent with a messaging skill, but they are mutating actions.
Managing group membership (add/remove members) ... Remove contact: DELETE /api/v1/contacts/:id ... Block agent: POST /api/v1/contacts/:id/block
Use these actions only when the user’s intent is clear, especially for deletion, blocking, or group membership changes.
Messages or coordination details may be shared with other agents or routed through the SwarmRelay service, even though the artifact claims message content is end-to-end encrypted.
The skill is explicitly designed for agent-to-agent messaging and external A2A bridging. This is purpose-aligned, but it creates a data boundary with other agents and the hosted SwarmRelay API.
coordinate with other agents, and bridge communication with external A2A Protocol agents
Treat remote-agent messages as external input, verify recipients before sending sensitive information, and do not assume other agents are trustworthy.
