← 返回 Skills 市场
Grok Swarm
作者
Billy Brenner
· GitHub ↗
· v1.0.9
· MIT-0
223
总下载
0
收藏
0
当前安装
9
版本数
在 OpenClaw 中安装
/install grok-swarm
功能描述
Refactors code using Grok 4.20 multi-agent swarm to improve readability, maintain behavior, add modern patterns, and explain changes.
使用说明 (SKILL.md)
Grok Swarm
Multi-agent intelligence powered by Grok 4.20 Multi-Agent Beta
Give any AI coding agent access to a 4-agent swarm with ~2M token context for code analysis, refactoring, generation, and complex reasoning.
- Version: 1.0.8
- Platforms: OpenClaw, Claude Code
- Modes: analyze, refactor, code, reason, orchestrate
Overview
Grok 4.20 coordinates 4 agents (orchestrator + specialists + critics) to:
- Analyze codebases for security, architecture, and bugs
- Refactor code while preserving behavior
- Generate features, tests, and boilerplate
- Reason through complex architectural decisions
Features
- 4-Agent Coordination — Multi-perspective reasoning
- Massive Context — ~2M token window
- File Writing — Write annotated code blocks directly to disk
- Tool Passthrough — Use OpenAI-format tools with Grok
Usage
OpenClaw
tools.grok_swarm({
prompt: "Analyze security of this auth module",
mode: "analyze",
files: ["src/auth/*.ts"]
});
Claude Code
/grok-swarm:analyze Review auth module security
/grok-swarm:refactor Convert to async/await
/grok-swarm:code Write FastAPI endpoint
Task Modes
| Mode | Description |
|---|---|
analyze |
Security audits, architecture review |
refactor |
Modernization, migration |
code |
Feature generation, tests |
reason |
Multi-perspective reasoning |
orchestrate |
Custom agent handoff |
Requirements
- Python 3.8+
- Node.js 18+
openai>=1.0.0- OpenRouter API key with Grok 4.20 access
API Key
Set your API key:
export OPENROUTER_API_KEY=sk-or-v1-...
Or create ~/.config/grok-swarm/config.json:
mkdir -p ~/.config/grok-swarm
echo '{"api_key": "sk-or-v1-..."}' > ~/.config/grok-swarm/config.json
chmod 600 ~/.config/grok-swarm/config.json
Installation
# Via ClawHub
clawhub install grok-swarm
# Via npm
npm install @khaentertainment/grok-swarm
安全使用建议
What to consider before installing:
- Expect to provide an OpenRouter API key (OPENROUTER_API_KEY) or add it to ~/.config/grok-swarm/config.json; note the registry metadata did not declare this requirement—check before installing.
- The bridge will search several OpenClaw auth-profiles.json locations for keys. If you store other credentials there, be aware the skill will read those files while searching for a key—inspect grok_bridge.get_api_key if this concerns you.
- The CLI supports writing files to disk (with a dry-run default) and has an --execute option that runs arbitrary shell commands (subprocess.run with shell=True). Avoid enabling --execute or --apply unless you trust the returned content and run in a sandbox.
- The included install.sh will copy files into ~/.openclaw and create a Python venv and pip-install packages; review the script and run it manually in a controlled environment (or container) rather than blindly executing.
- If you plan to enable this skill for autonomous agents, restrict its permissions (limit output-dir, do not expose sensitive config directories) or require manual invocation. Review the code (grok_bridge.py, cli.py) yourself, and consider running initial tests in an isolated VM/container.
- If you need higher assurance, request the publisher/source (none provided) or a signed release hosted on a known release host; absence of a homepage/source is an additional trust gap.
功能分析
Type: OpenClaw Skill
Name: grok-swarm
Version: 1.0.9
The skill bundle provides high-risk capabilities including arbitrary shell command execution via an `--execute` flag in `bridge/cli.py` and the ability to write files to the local filesystem in `bridge/apply.py`. While it implements path traversal protections, the `bridge/grok_bridge.py` script also contains logic to search for and read sensitive API keys from multiple local configuration files, including OpenClaw's internal `auth-profiles.json`. The use of a suspicious version name ('Grok 4.20') and a future publication date in `_meta.json` adds to the concern, although no clear evidence of intentional data exfiltration or hidden malicious payloads was found.
能力评估
Purpose & Capability
The code and SKILL.md align with the described purpose (bridge to Grok 4.20 for analysis/refactor/write). However the package metadata lists no required env vars while the SKILL.md and grok_bridge.py clearly require an OpenRouter API key. grok_bridge.get_api_key also attempts to read several OpenClaw auth-profiles.json paths to locate credentials — this is more expansive than the SKILL.md explains and may access unrelated stored auth profiles.
Instruction Scope
SKILL.md instructs the user to set OPENROUTER_API_KEY or a config file and describes file-writing features. The implementation goes beyond that: the CLI supports an --execute option that runs an arbitrary shell command (subprocess.run with shell=True), and the bridge will read local OpenClaw auth files to find keys. File-writing functions attempt to validate paths (good) but the tool can write files to disk (and the installer copies into ~/.openclaw). These behaviors are within the realm of a refactoring bridge but are not fully documented in the metadata and increase risk.
Install Mechanism
No registry install spec is provided (instruction-only), but the repository includes an install.sh that copies files into ~/.openclaw, creates a venv, and pip-installs openai. The script must be run manually, but it performs filesystem writes and package installs. This is expected for a plugin installer, but you should inspect and run it only in a controlled context.
Credentials
Metadata declares no required env vars though SKILL.md and code require OPENROUTER_API_KEY (or config file). The bridge also attempts to read multiple OpenClaw auth profile files to locate keys—this scope of credential access is broader than advertised. There are also optional integrations (Morph/Claude MCP) that rely on local CLI tools (claude mcp) called via subprocess. Requiring/reading secrets from multiple local config places without declaring them is disproportionate.
Persistence & Privilege
always:false (good). The skill does not request permanent platform-wide privileges in the manifest. However, it includes facilities that can modify disk (write code files), run external CLI tools, and execute arbitrary shell commands via --execute. If an agent invokes the skill autonomously, those capabilities increase the blast radius—consider limiting autonomous invocation or restricting allowed command usage.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install grok-swarm - 安装完成后,直接呼叫该 Skill 的名称或使用
/grok-swarm触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.9
Restore to 1.0.3 code state (was benign)
v1.0.7
Add justification for static analysis flags
v1.0.6
Benign version
v1.0.5
Revert to benign version
v1.0.4
Fix short description
v1.0.3
Update SKILL.md with full description and security warnings
v1.0.2
Fix title to Grok Multi-Agent Swarm
v1.0.1
Update description to reflect full multi-agent capabilities
v1.0.0
Initial release
元数据
常见问题
Grok Swarm 是什么?
Refactors code using Grok 4.20 multi-agent swarm to improve readability, maintain behavior, add modern patterns, and explain changes. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 223 次。
如何安装 Grok Swarm?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install grok-swarm」即可一键安装,无需额外配置。
Grok Swarm 是免费的吗?
是的,Grok Swarm 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Grok Swarm 支持哪些平台?
Grok Swarm 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Grok Swarm?
由 Billy Brenner(@khaentertainment)开发并维护,当前版本 v1.0.9。
推荐 Skills