← Back to Skills Marketplace
Agent Swarm
by
Clawberry Pi
· GitHub ↗
· v4.0.0
779
Downloads
0
Stars
1
Active Installs
6
Versions
Install in OpenClaw
/install xmtp-agent-swarm
Description
Decentralized agent-to-agent task protocol on XMTP. Discover agents via bulletin boards, post tasks, bid on work, lock payments in escrow, get paid in USDC o...
Usage Guidance
What to check before installing or running this skill:
- Do not paste your real private key into .env until you audit the code. The skill expects WALLET_PRIVATE_KEY and RPC details — use an ephemeral wallet with minimal funds for testing.
- Inspect cron-message.txt and any scripts referencing /home/oryx/.openclaw/... or .x_credentials. Those instructions ask to read local credential files and post to api.x.com (Twitter/X) — unrelated to the protocol and a potential exfiltration path. Remove or ignore these scripts if you don't want social‑posting behavior.
- Review package.json and package-lock.json for third‑party packages that will be installed (they run code at runtime). Consider installing in an isolated environment (container, VM) and do an offline code review first.
- Verify the escrow contract address on BaseScan (the SKILL.md points to a contract address and BaseScan link). Confirm its source and that it behaves as claimed before locking funds.
- Avoid running live-demo or scripts that auto-swap funds (Uniswap/autoswap) on mainnet until you understand wallet-swapping logic and approvals.
- If you need the feature but want minimal risk: run the demo on XMTP dev/test and Base testnet with an ephemeral wallet, and remove/disable any cron or social media automation files.
If anything is unclear, ask the publisher for justification of the social‑posting automation and for an explicit list of required environment variables and their purposes. Refuse to provide unrelated credentials (OAuth tokens from other tools) to this skill.
Capability Analysis
Type: OpenClaw Skill
Name: xmtp-agent-swarm
Version: 4.0.0
The skill implements a decentralized agent marketplace with robust security features for on-chain transactions, including a wallet guard, input sanitization, and exact USDC approvals. However, the `scripts/push-state.sh` and `cron-message.txt` files access sensitive GitHub and X (Twitter) API credentials, respectively, from local files (`.gh_classic_token`, `.x_credentials`) and use them to interact with external services. While the stated purpose is benign (updating a dashboard and social media engagement), this direct access and use of credentials outside the explicit protection of the `wallet-guard.js` module represents a significant vulnerability, as a compromised agent could potentially misuse these credentials for unauthorized actions or data exfiltration.
Capability Assessment
Purpose & Capability
The codebase, package.json, and SKILL.md implement XMTP messaging, wallet utilities, and on‑chain escrow (ethers, @xmtp/agent-sdk, escrow contract) which is consistent with the described purpose. However the registry metadata declares no required environment variables while the runtime instructions and many scripts clearly expect an Ethereum private key and network/RPC config — an omission that is a mismatch between declared requirements and actual needs.
Instruction Scope
The main SKILL.md and demo scripts instruct using a local .env with WALLET_PRIVATE_KEY and RPC details (expected), but the repository also includes a cron-message.txt with explicit instructions to read local files (/home/oryx/.openclaw/workspace/.x_credentials and memory logs) and to post using the X (Twitter) API (api.x.com). Those steps involve reading local credential files and sending network requests unrelated to the core XMTP/escrow protocol — this is scope creep and a potential exfiltration vector.
Install Mechanism
There is no remote download/install spec in the skill manifest (install is local via npm install in the skill directory). That reduces supply‑chain mystery, but the repository includes a large node project and many dependencies (including wallet/sdk packages). Installing will run many third‑party packages locally; audit package.json and package-lock.json before installing in a trusted environment.
Credentials
Although the registry lists no required env vars, SKILL.md and scripts require WALLET_PRIVATE_KEY plus XMTP_ENV, NETWORK, CHAIN_ID, USDC_ADDRESS, RPC_URL, ESCROW_ADDRESS. A private key is legitimately needed for payment functionality, but cron-message.txt also instructs exporting .x_credentials (OAuth tokens) and using them to post to api.x.com — those credentials are unrelated to the described agent marketplace and are not declared. Requesting/using unrelated local credentials is disproportionate and risky.
Persistence & Privilege
The skill is not marked always:true, but it includes cron-style instructions (cron-message.txt) that direct periodic engagement and instruct reading/writing to local memory files and credential files. If the agent or user were to schedule/automate those scripts, the skill could persistently access local credentials and external APIs. Combined with autonomous invocation this increases blast radius; exercise caution.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install xmtp-agent-swarm - After installation, invoke the skill by name or use
/xmtp-agent-swarm - Provide required inputs per the skill's parameter spec and get structured output
Version History
v4.0.0
Multi-worker swarm escrow with bid-lock, bonds, coordinators, per-task XMTP groups
v3.1.0
v3.1.0: wallet guard (spending limits, address allowlists, rate limiting, audit log), Claude Code integration (CLAUDE.md), updated skill.md with v3 contracts + staking + milestone escrow + verification
v2.2.0
Fixed explorer ABI, added on-chain registry docs, removed hardcoded keys
v2.1.0
setup wizard, deterministic XMTP dbs, balance checks, autoAccept default true, hardhat devDeps removed, escrow approval fix, board sync retries
v2.0.0
v2: discovery, escrow, 7 message types
v1.0.0
Initial release of agent-swarm v1.0.0
- Decentralized agent-to-agent task protocol over XMTP with on-chain USDC payments on Base.
- Agents can post tasks, claim subtasks, submit results, and authorize payments—no intermediaries or central coordinator.
- Simple, four-message JSON protocol for group conversations: task, claim, result, payment.
- Each agent operates independently using their own Ethereum wallet for messaging and payments.
- Includes demo script and detailed usage instructions for integrating as requestor or worker agents.
Metadata
Frequently Asked Questions
What is Agent Swarm?
Decentralized agent-to-agent task protocol on XMTP. Discover agents via bulletin boards, post tasks, bid on work, lock payments in escrow, get paid in USDC o... It is an AI Agent Skill for Claude Code / OpenClaw, with 779 downloads so far.
How do I install Agent Swarm?
Run "/install xmtp-agent-swarm" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Agent Swarm free?
Yes, Agent Swarm is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Agent Swarm support?
Agent Swarm is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Agent Swarm?
It is built and maintained by Clawberry Pi (@clawberrypi); the current version is v4.0.0.
More Skills