Scan Report
15/100
swarmrecall-pools
Named shared data containers for cross-agent collaboration via the SwarmRecall API
A straightforward API client skill that provides cross-agent shared pools via an external SwarmRecall service, with clear documentation and no malicious patterns.
Safe to install
This skill is safe to use. The external API dependency on onrender.com is expected behavior for this type of collaborative data-sharing skill.
Findings (1 item)
| Severity | Finding | Location |
|---|---|---|
| Low | Auto-registration without explicit consent (Doc Mismatch) | SKILL.md:18 |

| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No file operations in SKILL.md |
| Network | READ | READ | ✓ Aligned | HTTPS calls to swarmrecall-api.onrender.com documented in privacy policy |
| Shell | NONE | NONE | — | No shell execution mentioned |
| Environment | READ | READ | ✓ Aligned | SWARMRECALL_API_KEY and SWARMRECALL_API_URL documented |
| Skill Invoke | NONE | NONE | — | No skill-to-skill invocation declared |
3 findings

| Severity | Type | URL | Location |
|---|---|---|---|
| Medium | External URL | https://www.swarmrecall.ai | SKILL.md:14 |
| Medium | External URL | https://swarmrecall-api.onrender.com/api/v1/register | SKILL.md:29 |
| Medium | External URL | https://swarmrecall-api.onrender.com | SKILL.md:46 |

File Tree
1 file · 3.3 KB · 77 lines (Markdown: 1 file, 77 lines)
└─ SKILL.md (Markdown)
Security Positives
✓ All API calls use HTTPS (TLS encryption)
✓ No local code execution or shell commands
✓ Clear privacy policy and data handling documentation
✓ API key is stored in environment variable only (not written to disk)
✓ Data isolation by owner ID and pool access controls documented
✓ User consent requirement mentioned before storing personal data
✓ No credential harvesting beyond its own designated API key
✓ No base64, eval, or obfuscation patterns detected
✓ No access to sensitive paths like ~/.ssh or ~/.aws
✓ Simple API client architecture with no complex logic