← Back to Skills Marketplace
openclaw skill for swarms ai
by
NewSoulOnTheBlock
· GitHub ↗
· v1.0.0
498
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install swarms-ai
Description
Build and orchestrate multi-agent AI systems using the Swarms API. Use when creating single agents, multi-agent swarms (sequential, concurrent, hierarchical,...
Usage Guidance
Before installing or enabling this skill, get answers to these questions: (1) Which credentials does the skill actually require? The examples use x-api-key and Solana private keys but the metadata lists none — the publisher should declare required env vars and their minimum privileges. (2) Never paste or upload mainnet private keys into requests; ask for alternatives (ephemeral/test wallets, delegated signing/custody, or a signing service). (3) Confirm whether agents/sub-agents can access your host filesystem or other agent credentials — if so, restrict or disable "max_loops: \"auto\"" and file operation tools unless absolutely necessary. (4) Verify the API endpoints and publisher (source/homepage are missing); only use limited-scope API keys and testnet tokens until you trust the service. If the publisher cannot justify the missing credential declarations and the choice to send private keys in requests, treat the skill as risky and avoid installing or using autonomous modes.
Capability Analysis
Type: OpenClaw Skill
Name: swarms-ai
Version: 1.0.0
The skill is classified as suspicious due to two critical vulnerabilities. First, it explicitly instructs and provides examples for transmitting Solana wallet private keys directly in API requests to `swarms.world` for token launching and payment processing (SKILL.md, references/atp-protocol.md, references/marketplace.md). This is an extremely insecure method for handling sensitive cryptographic keys, making them vulnerable to interception or compromise. Second, the skill exposes file system manipulation tools (`create_file`, `read_file`, `update_file`, `delete_file`) to the AI agent when `max_loops='auto'` is enabled (references/sub-agents.md, references/tools.md). While `run_bash` is explicitly disallowed, these file operations present a significant prompt injection risk, potentially allowing a malicious agent prompt to read, modify, or delete arbitrary files on the host system if the OpenClaw execution environment is not perfectly sandboxed.
Capability Assessment
Purpose & Capability
The name/description match the content: the SKILL.md documents Swarms API endpoints, swarm architectures, streaming, marketplace token launches, and sub-agent delegation — all coherent with a 'swarms' orchestration skill. However, the examples rely on an API key (x-api-key) and Solana wallet private keys, yet the registry metadata declares no required environment variables or primary credential. That mismatch (declaring no credentials while the instructions require API keys and wallet keys) is unexplained and should be clarified.
Instruction Scope
The runtime instructions include examples that embed/submit highly sensitive material (Solana private_key in JSON payload; wallet private keys in ATP headers) and describe enabling autonomous modes (max_loops: "auto") with internal tools that include create_file/read_file/list_directory/delete_file and create_sub_agent/assign_task. While the skill does not directly instruct reading local host files, the documentation exposes mechanisms that — if used — could cause agents to create sub-agents, perform file operations, and transmit data. The ATP flow also describes sending wallet keys in requests. These instruction-level choices broaden the attack surface and are not scoped or limited in the skill metadata.
Install Mechanism
This is an instruction-only skill with no install spec and no code files — lowest install risk. Nothing is written to disk by the skill itself.
Credentials
Examples and reference docs clearly require an API key (x-api-key / Authorization: Bearer) and—in marketplace/token launch and ATP—Solana wallet private keys or wallet_private_key headers. Yet requires.env and primary credential are empty. Requesting wallet private keys inside API requests is high-risk and should have explicit handling guidance (never store/log, use ephemeral/test keys, use signing services or delegated custody). The skill asks for sensitive secrets in-band without declaring them in metadata or advising safer alternatives.
Persistence & Privilege
always:false and no install means the skill won't be force-installed. However, the docs encourage configurations that enable autonomous loops (max_loops: "auto") and internal tools that can spawn sub-agents and perform file ops. Combined with agent autonomy (model invocation not disabled), this can enable long-running autonomous behaviors that interact with external systems and files — a legitimate capability but one that raises the blast radius if misused. The skill does not request persistent privileges itself, but usage patterns it documents can grant broad runtime powers.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install swarms-ai - After installation, invoke the skill by name or use
/swarms-ai - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of the swarms-ai skill, providing a comprehensive guide for building and orchestrating multi-agent AI systems with the Swarms API.
- Supports creation of single agents and swarms (3–10,000+ agents) with multiple architecture patterns (sequential, concurrent, hierarchical, etc.).
- Includes detailed API endpoint usage, parameters, and Python code examples for single/multi-agent orchestration.
- Features integration for launching agent tokens on Solana, ATP payment protocol, and publishing to Swarms Marketplace.
- Provides a quick reference for authentication, available swarm architectures, agent configuration parameters, and related resources.
Metadata
Frequently Asked Questions
What is openclaw skill for swarms ai?
Build and orchestrate multi-agent AI systems using the Swarms API. Use when creating single agents, multi-agent swarms (sequential, concurrent, hierarchical,... It is an AI Agent Skill for Claude Code / OpenClaw, with 498 downloads so far.
How do I install openclaw skill for swarms ai?
Run "/install swarms-ai" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is openclaw skill for swarms ai free?
Yes, openclaw skill for swarms ai is completely free (open-source). You can download, install and use it at no cost.
Which platforms does openclaw skill for swarms ai support?
openclaw skill for swarms ai is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created openclaw skill for swarms ai?
It is built and maintained by NewSoulOnTheBlock (@newsoulontheblock); the current version is v1.0.0.
More Skills