← 返回 Skills 市场
newsoulontheblock

openclaw skill for swarms ai

作者 NewSoulOnTheBlock · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
498
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install swarms-ai
功能描述
Build and orchestrate multi-agent AI systems using the Swarms API. Use when creating single agents, multi-agent swarms (sequential, concurrent, hierarchical,...
安全使用建议
Before installing or enabling this skill, get answers to these questions: (1) Which credentials does the skill actually require? The examples use x-api-key and Solana private keys but the metadata lists none — the publisher should declare required env vars and their minimum privileges. (2) Never paste or upload mainnet private keys into requests; ask for alternatives (ephemeral/test wallets, delegated signing/custody, or a signing service). (3) Confirm whether agents/sub-agents can access your host filesystem or other agent credentials — if so, restrict or disable "max_loops: \"auto\"" and file operation tools unless absolutely necessary. (4) Verify the API endpoints and publisher (source/homepage are missing); only use limited-scope API keys and testnet tokens until you trust the service. If the publisher cannot justify the missing credential declarations and the choice to send private keys in requests, treat the skill as risky and avoid installing or using autonomous modes.
功能分析
Type: OpenClaw Skill Name: swarms-ai Version: 1.0.0 The skill is classified as suspicious due to two critical vulnerabilities. First, it explicitly instructs and provides examples for transmitting Solana wallet private keys directly in API requests to `swarms.world` for token launching and payment processing (SKILL.md, references/atp-protocol.md, references/marketplace.md). This is an extremely insecure method for handling sensitive cryptographic keys, making them vulnerable to interception or compromise. Second, the skill exposes file system manipulation tools (`create_file`, `read_file`, `update_file`, `delete_file`) to the AI agent when `max_loops='auto'` is enabled (references/sub-agents.md, references/tools.md). While `run_bash` is explicitly disallowed, these file operations present a significant prompt injection risk, potentially allowing a malicious agent prompt to read, modify, or delete arbitrary files on the host system if the OpenClaw execution environment is not perfectly sandboxed.
能力评估
Purpose & Capability
The name/description match the content: the SKILL.md documents Swarms API endpoints, swarm architectures, streaming, marketplace token launches, and sub-agent delegation — all coherent with a 'swarms' orchestration skill. However, the examples rely on an API key (x-api-key) and Solana wallet private keys, yet the registry metadata declares no required environment variables or primary credential. That mismatch (declaring no credentials while the instructions require API keys and wallet keys) is unexplained and should be clarified.
Instruction Scope
The runtime instructions include examples that embed/submit highly sensitive material (Solana private_key in JSON payload; wallet private keys in ATP headers) and describe enabling autonomous modes (max_loops: "auto") with internal tools that include create_file/read_file/list_directory/delete_file and create_sub_agent/assign_task. While the skill does not directly instruct reading local host files, the documentation exposes mechanisms that — if used — could cause agents to create sub-agents, perform file operations, and transmit data. The ATP flow also describes sending wallet keys in requests. These instruction-level choices broaden the attack surface and are not scoped or limited in the skill metadata.
Install Mechanism
This is an instruction-only skill with no install spec and no code files — lowest install risk. Nothing is written to disk by the skill itself.
Credentials
Examples and reference docs clearly require an API key (x-api-key / Authorization: Bearer) and—in marketplace/token launch and ATP—Solana wallet private keys or wallet_private_key headers. Yet requires.env and primary credential are empty. Requesting wallet private keys inside API requests is high-risk and should have explicit handling guidance (never store/log, use ephemeral/test keys, use signing services or delegated custody). The skill asks for sensitive secrets in-band without declaring them in metadata or advising safer alternatives.
Persistence & Privilege
always:false and no install means the skill won't be force-installed. However, the docs encourage configurations that enable autonomous loops (max_loops: "auto") and internal tools that can spawn sub-agents and perform file ops. Combined with agent autonomy (model invocation not disabled), this can enable long-running autonomous behaviors that interact with external systems and files — a legitimate capability but one that raises the blast radius if misused. The skill does not request persistent privileges itself, but usage patterns it documents can grant broad runtime powers.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install swarms-ai
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /swarms-ai 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of the swarms-ai skill, providing a comprehensive guide for building and orchestrating multi-agent AI systems with the Swarms API. - Supports creation of single agents and swarms (3–10,000+ agents) with multiple architecture patterns (sequential, concurrent, hierarchical, etc.). - Includes detailed API endpoint usage, parameters, and Python code examples for single/multi-agent orchestration. - Features integration for launching agent tokens on Solana, ATP payment protocol, and publishing to Swarms Marketplace. - Provides a quick reference for authentication, available swarm architectures, agent configuration parameters, and related resources.
元数据
Slug swarms-ai
版本 1.0.0
许可证
累计安装 0
当前安装数 0
历史版本数 1
常见问题

openclaw skill for swarms ai 是什么?

Build and orchestrate multi-agent AI systems using the Swarms API. Use when creating single agents, multi-agent swarms (sequential, concurrent, hierarchical,... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 498 次。

如何安装 openclaw skill for swarms ai?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install swarms-ai」即可一键安装,无需额外配置。

openclaw skill for swarms ai 是免费的吗?

是的,openclaw skill for swarms ai 完全免费(开源免费),可自由下载、安装和使用。

openclaw skill for swarms ai 支持哪些平台?

openclaw skill for swarms ai 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 openclaw skill for swarms ai?

由 NewSoulOnTheBlock(@newsoulontheblock)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论