Swarm Orchestrator
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: swarm-orchestrator
Version: 1.0.0
The bundle describes a high-privilege AI orchestration platform that requires extensive system access, including global package installation (npm install -g), local database management, and the execution of local scripts via 'Tool Agents'. While the documentation is transparent and emphasizes a 'local-first' privacy model, the skill essentially acts as an installer for external code from GitHub (ZhenRobotics/openclaw-swarm-orchestrator) and npm, which introduces significant supply-chain risk. No evidence of intentional malice or data exfiltration was found, but the broad shell/network capabilities and the future-dated timestamp (2026) in _meta.json justify a suspicious classification.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A misconfigured or over-trusted agent could run local code or interact with other systems more broadly than the user intended.
The documented agent types can run local scripts/functions and integrate with arbitrary systems, but the artifacts do not describe concrete permission limits, sandboxing, or user approval requirements for those actions.
Tool Agents: execute specific local functions or scripts ... Custom Agents ... can integrate with any system
Use this only with explicit per-agent permissions, sandboxed execution where possible, and human confirmation for file, shell, account, or external-system changes.
The actual behavior depends on external package and repository contents, which are outside the provided static scan artifacts.
The skill directs installation of an external global npm package/repository rather than providing reviewed runtime code in the submitted artifact set.
install_command: "npm install -g openclaw-swarm-orchestrator"
Review the npm package, repository, lockfiles, and Docker configuration before installing; prefer pinned versions and isolated environments.
Installing or starting the platform will run third-party project code on the user's machine.
The installation and run instructions execute local containers and package-install/build commands. This is expected for the stated FastAPI/React platform, but it executes code from the referenced project.
docker-compose up -d ... pip install -r requirements.txt ... npm install ... npm run dev
Run in Docker or another sandbox, inspect dependency files first, and avoid running as an administrator/root unless required.
Provider API keys could incur cost or expose prompts/tasks to the selected LLM provider if configured.
The skill supports optional provider API keys for LLM agents. This is purpose-aligned and disclosed, with no artifact evidence of leakage or unrelated use.
OPENAI_API_KEY ... ANTHROPIC_API_KEY ... Optional OpenAI API key for LLM agents
Only add provider keys when needed, use least-privilege/project-scoped keys where possible, and avoid placing secrets in task descriptions or logs.
Prompts, tasks, agent configurations, and execution logs may remain on disk after use.
The platform stores agent, task, cache, and log data locally. This persistence is expected, but stored task context can contain sensitive information and may influence later orchestration.
SQLite file is stored at `./data/swarm.db` ... logs ... `./logs/` ... cache: local Redis
Do not put secrets in tasks, review log retention, and delete the database/logs when they are no longer needed.
The orchestrator, Redis, backend, or frontend may keep running and listening on local ports after the initial setup task is complete.
The skill documents detached or background local services for the orchestrator. This is disclosed and purpose-aligned, but it creates long-running agent infrastructure that may continue until stopped.
docker-compose up -d ... redis-server & ... uvicorn app.main:app --reload & ... npm run dev &
Know how to stop the services, keep them bound to localhost, and avoid exposing the dashboard/API to untrusted networks.
