swarm
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, DATA_EXFILTRATION
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The primary installation method involves `curl -fsSL https://raw.githubusercontent.com/clawdbot/node-scaling/main/install.sh | bash`. This pattern allows for arbitrary command execution from a source that is not part of the established trusted organizations.
- [CREDENTIALS_UNSAFE] (MEDIUM): The `bin/setup.js` script and `config.js` logic store and retrieve sensitive API keys (Gemini, OpenAI, Anthropic, Groq) in plaintext files located in `~/.config/clawdbot/`. While the skill attempts to set owner-only read/write permissions (0600), plaintext storage of credentials remains a significant risk.
- [DATA_EXFILTRATION] (LOW): The skill provides tools for fetching and scraping content from arbitrary URLs (`lib/tools.js`). While necessary for its research functionality, this capability could be abused for Server-Side Request Forgery (SSRF) or exfiltrating data from internal services if the agent is manipulated by an attacker.
- [PROMPT_INJECTION] (LOW): The skill includes a security module (`lib/security.js`) that uses basic regular expressions to detect prompt injection attempts. While these filters provide a surface-level defense, they are easily bypassed. However, the skill implements a 'secure prompt' wrapper that instructs workers to treat external data as information rather than commands.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/clawdbot/node-scaling/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats