Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Swarm Orchestrator
v1.0.0AI Agent cluster orchestration platform - manage, schedule, and coordinate multiple AI agents locally with FastAPI backend and React dashboard
⭐ 0· 188·1 current·1 all-time
byJustin Liu@zhenstaff
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description (local orchestration of AI agents) aligns with the declared tools (python, node, redis, optional docker), configuration (SQLite, Redis), and optional LLM API keys (OpenAI/Anthropic). The listed npm package and GitHub repo also match the stated purpose.
Instruction Scope
SKILL.md is instruction-only and focuses on installing and running a FastAPI backend + React frontend locally. It instructs cloning a GitHub repo, checking docker-compose.yml, and optionally supplying LLM API keys only when using LLM agents. It does not direct the agent to read arbitrary host files or exfiltrate data, but it does instruct downloading and running third-party code (git clone / npm install), so you should inspect that code before execution.
Install Mechanism
No automated install spec is embedded in the registry (instruction-only). The instructions recommend cloning a GitHub repo, running docker-compose, or installing an npm package (npm install -g openclaw-swarm-orchestrator). Those are common for this type of project, but pulling and running code from external sources always carries risk—verify the repository URL and commit hash before running, and prefer Docker containers if you want stronger isolation.
Credentials
Environment variables declared in SKILL.md are appropriate and marked optional: DATABASE_URL, REDIS_URL, SECRET_KEY (sensitive), and optional OPENAI_API_KEY / ANTHROPIC_API_KEY for LLM usage. Nothing requests unrelated credentials or excessive secrets. Note: registry metadata earlier showed a serialization issue ('[object Object]') when listing required env vars, but SKILL.md contains a clear, reasonable env list.
Persistence & Privilege
always is false and model invocation is allowed (default). The skill does not request permanent elevated privileges or modifications to other skills. It will create local files (./data, ~/.swarm-orchestrator, ./logs) as expected for a local service.
Assessment
This skill appears coherent for running a local multi-agent orchestrator. Before installing or running it: 1) Inspect the GitHub repository (https://github.com/ZhenRobotics/openclaw-swarm-orchestrator) and verify the referenced commit hash matches what you expect; 2) Review docker-compose.yml and any container images before doing docker-compose up; 3) If you prefer stronger isolation, run services in Docker rather than installing npm packages globally; 4) Only add OPENAI/ANTHROPIC API keys if you need LLM agents and store .env securely (don’t commit it); 5) Be cautious when running npm install -g or executing code from the repo—these operations execute third‑party code on your machine. Finally, note the registry metadata displayed a parsing glitch for env vars ([object Object]); rely on the SKILL.md/readme contents for the canonical configuration.Like a lobster shell, security has layers — review code before you run it.
latestvk97fdkk89cq96t4rnaw589wzxx82r1zw
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
Env[object Object], [object Object], [object Object], [object Object], [object Object]