Swarm
Author: ChairForce · v1.3.7
Total downloads: 3592
Favorites: 8
Current installs: 14
Versions: 20
Install in OpenClaw
/install swarm
Description
Cut your LLM costs by 200x. Offload parallel, batch, and research work to Gemini Flash workers instead of burning your expensive primary model.
Security usage recommendations
Key points to consider before installing/using this skill:
- Metadata mismatch: the registry claims no credentials and 'instruction-only', but the package includes runnable code and requires LLM provider API keys (e.g., GEMINI_API_KEY) and possibly Supabase keys. Do not assume no secrets are needed.
- Secrets on disk: the setup wizard saves API keys under ~/.config/clawdbot (provider-key.txt). If you install, be aware secrets will be persisted locally; review save paths, file permissions, and consider using least-privilege keys or ephemeral/test keys.
- Review source before running: because the repo contains executable JavaScript and a daemon, inspect the code (lib/, bin/) or run it in an isolated environment (container, VM) first. Pay attention to network calls (validateApiKey, web search grounding, any outbound telemetry) and any code that sends data off-host.
- Network & provider scope: the skill performs provider API calls to validate keys and run worker requests (Gemini/OpenAI/Anthropic/Groq). Only provide keys scoped with minimal permissions and monitor usage/cost caps. Consider setting cost limits in config before heavy use.
- AGENTS.md / prompt guidance: INSTALL.md suggests adding guidance to agent configuration so agents preferentially use Swarm. That can bias agent behavior — do not automatically apply these changes without review.
- Run initial tests in sandbox: run npm run diagnose and the test suite in an isolated environment with dummy or limited credentials. Confirm what gets persisted (metrics, caches) and whether any unexpected endpoints are contacted.
- Verify origin & integrity: confirm the GitHub repo (https://github.com/Chair4ce/node-scaling) is authentic and matches the published package. If you cannot confirm provenance, avoid installing runnable code into production agents.
Functional analysis
Type: OpenClaw Skill
Name: swarm
Version: 1.3.7
The 'swarm' skill bundle is classified as suspicious due to its inherent capabilities for arbitrary web fetching (`lib/tools.js:webFetch`) and extensive LLM interaction, which, if exploited via a sophisticated prompt injection attack, could lead to unauthorized data access or execution. While the skill includes robust security measures (`lib/security.js`) to prevent prompt injection and credential exfiltration (e.g., prepending a security policy to all prompts, scanning inputs for injection attempts, and sanitizing outputs to redact sensitive patterns), the fundamental risk of an LLM-driven tool with network access remains. There is no evidence of intentional malicious behavior, such as data exfiltration to unauthorized endpoints or backdoor installation, but the potential for abuse of its legitimate capabilities warrants a 'suspicious' classification.
Capability assessment
Purpose & Capability
The skill advertises itself as an instruction-only cost-savings orchestrator and the registry metadata lists no required environment variables, yet the included repository and SKILL.md clearly require LLM provider API keys (GEMINI_API_KEY, OPENAI_API_KEY, ANTHROPIC_API_KEY, GROQ_API_KEY) and optionally Supabase creds. README and setup steps instruct cloning the GitHub repo and running npm install — so this is not purely docs-only. The declared minimal requirement (node only, no env) is inconsistent with the actual needs.
Instruction Scope
SKILL.md and INSTALL.md instruct the agent/user to run a local daemon, run an interactive setup that validates API keys by calling provider endpoints, save API keys to files under ~/.config/clawdbot, enable web search grounding, and optionally add guidance to AGENTS.md so agents prefer Swarm for parallel tasks. These instructions go beyond a simple helper: they require network calls, persistent local services, writing secrets to disk, and altering agent guidance — all of which expand the attack surface and could bias agent behavior.
Install Mechanism
The registry claims 'no install spec' but the package includes full runtime code and README/setup that instructs git clone + npm install. The source is on GitHub (well-known host), which lowers some risk vs an arbitrary download, but the mismatch between 'instruction-only' metadata and the presence of executable code is concerning — automatic install behavior may be different than promised.
Credentials
Registry lists no required env vars or primary credential, but the code and docs repeatedly reference GEMINI_API_KEY and other provider keys, and tests/benchmarks mention SUPABASE_URL and SUPABASE_SERVICE_KEY. The setup wizard saves API keys to disk (~/.config/clawdbot/<provider>-key.txt). Requesting and persisting multiple provider and service credentials (not declared) is disproportionate to the metadata and should be explicitly disclosed before installation.
Persistence & Privilege
The skill runs a background daemon (http://localhost:9999), persists configuration and daily metrics under ~/.config/clawdbot, and writes provider API keys to disk with limited file permissions. While not marked always:true, the daemon is persistent and can make outbound requests to validate keys and perform searches. Persisting secrets locally and altering agent guidance (AGENTS.md) increase lasting privilege and potential exposure.
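How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: `/install swarm`
- After installation, call the Skill by name or use `/swarm` to trigger it
- Provide the required input according to the Skill's parameter description to get structured output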
Version history
v1.3.7
v1.3.5-1.3.7: Self-reflection, Skeleton-of-Thought, Structured Output, Majority Voting. Quality sprint complete.
v1.3.2
v1.3.2: Chain refinement pipelines, prompt cache (212-514x speedup on hits), stage-level retry, cost tracking with daily persistence, auto-chain builder, benchmark tool, tighter prompts (47% faster chains)
v1.3.0
v1.3.0: Chain pipelines, auto-chain, capabilities discovery, benchmarking
v1.2.0
Cost tracking, auto-retry, task timeouts, dead code cleanup
v1.1.2
Smart research pipeline (auto grounding vs 3-phase), per-task stats, provider validation, CLI status improvements
v1.1.1
Fix display name
v1.1.0
v1.1.0: PII scrubbed
v1.0.4
Fixed metadata format to match ClawHub expectations (JSON-in-YAML)
v1.0.3
Standardized all paths to ~/.openclaw/skills/node-scaling
v1.0.2
Docs: Reframed INSTALL.md as user documentation, removed agent instruction patterns
v1.0.1
Security fix: Removed all hardcoded Supabase credentials. Env vars now required.
v1.0.0
v1.0.0 - Production release with pinned install URLs, MIT license, and fleet benchmarks
v0.9.0
Added install spec for proper OpenClaw installation flow
v0.8.0
Clean formatting, added 6-node fleet benchmark (600 tasks in 3.8s, 181 tasks/sec)
v0.7.0
Security fix: Removed hardcoded Supabase key. Added GEMINI_API_KEY to required env. Clarified Supabase is optional.
v0.6.0
Full implementation with CLI, daemon, and library. Run 'npm install' after installation.
v0.5.0
Full implementation: bin/, lib/, config.js, daemon, CLI tools. Previous versions only had SKILL.md.
v0.4.0
- Updated skill description and documentation in SKILL.md to placeholder/test content.
- Previous detailed usage instructions and technical information have been removed.
v0.3.0
```markdown
## [0.3.1] - 2026-01-31
### Added
- **SKILL.md** - Agent-facing documentation for Clawdbot skill system integration
- Mandatory usage triggers for parallel work
- Quick reference commands
- Survival math: 200x cost savings vs Opus
### Changed
- Updated benchmarks with verified numbers across multiple batch sizes
- README now shows accurate throughput range (14-35 tasks/sec)
### Performance (verified)
- **10 tasks**: ~700ms (14 tasks/sec)
- **30 tasks**: ~1,000ms (30 tasks/sec)
- **50 tasks**: ~1,450ms (35 tasks/sec)
- Larger batches yield higher throughput (amortizes connection overhead)
```
v0.2.0
v0.2.0 - Major release with Swarm Daemon for instant response times (<10ms TTFT), real-time worker feedback, diagnostics system, and 24-test suite. 2-5x speedup on parallel tasks.
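FAQ
What is Swarm?
Cut your LLM costs by 200x. Offload parallel, batch, and research work to Gemini Flash workers instead of burning your expensive primary model. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 3592 total downloads to date.
How do I install Swarm?
Run the command "/install swarm" in the OpenClaw or Claude Code chat box for a one-click install; no additional configuration is needed.
Is Swarm free?
Yes, Swarm is completely free (free and open source) and can be freely downloaded, installed, and used.
Which platforms does Swarm support?
Swarm is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Swarm?
Developed and maintained by ChairForce (@chair4ce); the current version is v1.3.7.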