Swarm
by ChairForce · GitHub · v1.3.7
3592 Downloads · 8 Stars · 14 Active Installs · 20 Versions
Install in OpenClaw
/install swarm
Description
Cut your LLM costs by 200x. Offload parallel, batch, and research work to Gemini Flash workers instead of burning your expensive primary model.
Usage Guidance
Key points to consider before installing/using this skill:
- Metadata mismatch: the registry claims no credentials and 'instruction-only', but the package includes runnable code and requires LLM provider API keys (e.g., GEMINI_API_KEY) and possibly Supabase keys. Do not assume no secrets are needed.
- Secrets on disk: the setup wizard saves API keys under ~/.config/clawdbot (provider-key.txt). If you install, be aware secrets will be persisted locally; review save paths, file permissions, and consider using least-privilege keys or ephemeral/test keys.
- Review source before running: because the repo contains executable JavaScript and a daemon, inspect the code (lib/, bin/) or run it in an isolated environment (container, VM) first. Pay attention to network calls (validateApiKey, web search grounding, any outbound telemetry) and any code that sends data off-host.
- Network & provider scope: the skill performs provider API calls to validate keys and run worker requests (Gemini/OpenAI/Anthropic/Groq). Only provide keys scoped with minimal permissions and monitor usage/cost caps. Consider setting cost limits in config before heavy use.
- AGENTS.md / prompt guidance: INSTALL.md suggests adding guidance to agent configuration so agents preferentially use Swarm. That can bias agent behavior — do not automatically apply these changes without review.
- Run initial tests in sandbox: run npm run diagnose and the test suite in an isolated environment with dummy or limited credentials. Confirm what gets persisted (metrics, caches) and whether any unexpected endpoints are contacted.
- Verify origin & integrity: confirm the GitHub repo (https://github.com/Chair4ce/node-scaling) is authentic and matches the published package. If you cannot confirm provenance, avoid installing runnable code into production agents.
Capability Analysis
Type: OpenClaw Skill
Name: swarm
Version: 1.3.7
The 'swarm' skill bundle is classified as suspicious due to its inherent capabilities for arbitrary web fetching (`lib/tools.js:webFetch`) and extensive LLM interaction, which, if exploited via a sophisticated prompt injection attack, could lead to unauthorized data access or execution. While the skill includes robust security measures (`lib/security.js`) to prevent prompt injection and credential exfiltration (e.g., prepending a security policy to all prompts, scanning inputs for injection attempts, and sanitizing outputs to redact sensitive patterns), the fundamental risk of an LLM-driven tool with network access remains. There is no evidence of intentional malicious behavior, such as data exfiltration to unauthorized endpoints or backdoor installation, but the potential for abuse of its legitimate capabilities warrants a 'suspicious' classification.
Capability Assessment
Purpose & Capability
The skill advertises itself as an instruction-only cost-savings orchestrator and the registry metadata lists no required environment variables, yet the included repository and SKILL.md clearly require LLM provider API keys (GEMINI_API_KEY, OPENAI_API_KEY, ANTHROPIC_API_KEY, GROQ_API_KEY) and optionally Supabase creds. README and setup steps instruct cloning the GitHub repo and running npm install — so this is not purely docs-only. The declared minimal requirement (node only, no env) is inconsistent with the actual needs.
Instruction Scope
SKILL.md and INSTALL.md instruct the agent/user to run a local daemon, run an interactive setup that validates API keys by calling provider endpoints, save API keys to files under ~/.config/clawdbot, enable web search grounding, and optionally add guidance to AGENTS.md so agents prefer Swarm for parallel tasks. These instructions go beyond a simple helper: they require network calls, persistent local services, writing secrets to disk, and altering agent guidance — all of which expand the attack surface and could bias agent behavior.
Install Mechanism
The registry claims 'no install spec' but the package includes full runtime code and README/setup that instructs git clone + npm install. The source is on GitHub (well-known host), which lowers some risk vs an arbitrary download, but the mismatch between 'instruction-only' metadata and the presence of executable code is concerning — automatic install behavior may be different than promised.
Credentials
Registry lists no required env vars or primary credential, but the code and docs repeatedly reference GEMINI_API_KEY and other provider keys, and tests/benchmarks mention SUPABASE_URL and SUPABASE_SERVICE_KEY. The setup wizard saves API keys to disk (~/.config/clawdbot/<provider>-key.txt). Requesting and persisting multiple provider and service credentials (not declared) is disproportionate to the metadata and should be explicitly disclosed before installation.
Persistence & Privilege
The skill runs a background daemon (http://localhost:9999), persists configuration and daily metrics under ~/.config/clawdbot, and writes provider API keys to disk with limited file permissions. While not marked always:true, the daemon is persistent and can make outbound requests to validate keys and perform searches. Persisting secrets locally and altering agent guidance (AGENTS.md) increase lasting privilege and potential exposure.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install swarm
- After installation, invoke the skill by name or use /swarm
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.3.7
v1.3.5-1.3.7: Self-reflection, Skeleton-of-Thought, Structured Output, Majority Voting. Quality sprint complete.
v1.3.2
v1.3.2: Chain refinement pipelines, prompt cache (212-514x speedup on hits), stage-level retry, cost tracking with daily persistence, auto-chain builder, benchmark tool, tighter prompts (47% faster chains)
v1.3.0
v1.3.0: Chain pipelines, auto-chain, capabilities discovery, benchmarking
v1.2.0
Cost tracking, auto-retry, task timeouts, dead code cleanup
v1.1.2
Smart research pipeline (auto grounding vs 3-phase), per-task stats, provider validation, CLI status improvements
v1.1.1
Fix display name
v1.1.0
v1.1.0: PII scrubbed
v1.0.4
Fixed metadata format to match ClawHub expectations (JSON-in-YAML)
v1.0.3
Standardized all paths to ~/.openclaw/skills/node-scaling
v1.0.2
Docs: Reframed INSTALL.md as user documentation, removed agent instruction patterns
v1.0.1
Security fix: Removed all hardcoded Supabase credentials. Env vars now required.
v1.0.0
v1.0.0 - Production release with pinned install URLs, MIT license, and fleet benchmarks
v0.9.0
Added install spec for proper OpenClaw installation flow
v0.8.0
Clean formatting, added 6-node fleet benchmark (600 tasks in 3.8s, 181 tasks/sec)
v0.7.0
Security fix: Removed hardcoded Supabase key. Added GEMINI_API_KEY to required env. Clarified Supabase is optional.
v0.6.0
Full implementation with CLI, daemon, and library. Run 'npm install' after installation.
v0.5.0
Full implementation: bin/, lib/, config.js, daemon, CLI tools. Previous versions only had SKILL.md.
v0.4.0
- Updated skill description and documentation in SKILL.md to placeholder/test content.
- Previous detailed usage instructions and technical information have been removed.
v0.3.0
```markdown
## [0.3.1] - 2026-01-31
### Added
- **SKILL.md** - Agent-facing documentation for Clawdbot skill system integration
- Mandatory usage triggers for parallel work
- Quick reference commands
- Survival math: 200x cost savings vs Opus
### Changed
- Updated benchmarks with verified numbers across multiple batch sizes
- README now shows accurate throughput range (14-35 tasks/sec)
### Performance (verified)
- **10 tasks**: ~700ms (14 tasks/sec)
- **30 tasks**: ~1,000ms (30 tasks/sec)
- **50 tasks**: ~1,450ms (35 tasks/sec)
- Larger batches yield higher throughput (amortizes connection overhead)
```
v0.2.0
v0.2.0 - Major release with Swarm Daemon for instant response times (<10ms TTFT), real-time worker feedback, diagnostics system, and 24-test suite. 2-5x speedup on parallel tasks.
Frequently Asked Questions
What is Swarm?
Cut your LLM costs by 200x. Offload parallel, batch, and research work to Gemini Flash workers instead of burning your expensive primary model. It is an AI Agent Skill for Claude Code / OpenClaw, with 3592 downloads so far.
How do I install Swarm?
Run "/install swarm" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Swarm free?
Yes, Swarm is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Swarm support?
Swarm is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Swarm?
It is built and maintained by ChairForce (@chair4ce); the current version is v1.3.7.