agent-swarm

Fail

Audited by Socket on Feb 21, 2026

2 alerts found:

Obfuscated File (Security, HIGH)
references/setup-guide.md

No explicit malicious code or obfuscated payloads are present in the provided documentation/config fragment. The primary concerns are operational: example configurations encourage storing secrets in plaintext and grant several agents high-risk capabilities (exec/process/cron/browser) that could enable arbitrary command execution, lateral movement, or data exfiltration if an agent or referenced script is compromised. Before deployment, audit referenced scripts and gateway components, adopt secret management, enforce least privilege (remove unnecessary exec/process/cron/browser grants), and implement logging/audit controls and clear runtime enforcement of allow/deny rules.

Confidence: 98%
Security (MEDIUM)
SKILL.md

[Skill Scanner] [Documentation context] Backtick command substitution detected. No direct malware was found in this SKILL.md content. However, the skill prescribes execution of local entry scripts, uses exec/subprocess patterns and sessions_spawn with agents that have broad tool permissions, and accepts/stores raw API keys and arbitrary provider baseUrls. Those patterns are legitimate for an orchestration tool but create a medium-to-high supply-chain and credential-exfiltration risk if the referenced scripts, configs, or providers are compromised or misused. Recommend: audit the scripts under scripts/, enforce least-privilege tool permissions per agent, add explicit guidance for secure secrets storage and trusted provider endpoints, and require verification (checksums/signatures) before running the mandatory entry script. LLM verification: [LLM Escalated] This skill is functionally consistent with its stated purpose (agent orchestration) but presents moderate supply-chain and data-exfiltration risks. Key concerns: mandatory execution of local scripts (scripts/swarm_entry.py), unrestricted exec/subprocess usage including shell heredoc patterns, storage and usage of raw apiKey + baseUrl for arbitrary model providers, and injection of local 'experience' text into tasks sent to other agents or model endpoints. These flows can accidentally or intentio

Confidence: 75%
Severity: 75%
Audit Metadata
Analyzed At: Feb 21, 2026, 03:04 AM
Package URL: pkg:socket/skills-sh/lidpeng%2Fopenclaw_swarm%2Fagent-swarm%2F@c3b681f7a51e005ae2c69098209b57ec3fa8e9ac