扫描报告
15 /100
swarmrecall-pools
Named shared data containers for cross-agent collaboration via the SwarmRecall API
A straightforward API client skill that provides cross-agent shared pools via an external SwarmRecall service, with clear documentation and no malicious patterns.
可以安装
This skill is safe to use. The external API dependency on onrender.com is expected behavior for this type of collaborative data-sharing skill.
安全发现 1 项
| 严重性 | 安全发现 | 位置 |
|---|---|---|
| 低危 | Auto-registration without explicit consent 文档欺骗 | SKILL.md:18 |
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | NONE | — | No file operations in SKILL.md |
| 网络访问 | READ | READ | ✓ 一致 | HTTPS calls to swarmrecall-api.onrender.com documented in privacy policy |
| 命令执行 | NONE | NONE | — | No shell execution mentioned |
| 环境变量 | READ | READ | ✓ 一致 | SWARMRECALL_API_KEY and SWARMRECALL_API_URL documented |
| 技能调用 | NONE | NONE | — | No skill-to-skill invocation declared |
3 项发现
中危 外部 URL 外部 URL
https://www.swarmrecall.ai SKILL.md:14 中危 外部 URL 外部 URL
https://swarmrecall-api.onrender.com/api/v1/register SKILL.md:29 中危 外部 URL 外部 URL
https://swarmrecall-api.onrender.com SKILL.md:46 目录结构
1 文件 · 3.3 KB · 77 行 Markdown 1f · 77L
└─
SKILL.md
Markdown
安全亮点
✓ All API calls use HTTPS (TLS encryption)
✓ No local code execution or shell commands
✓ Clear privacy policy and data handling documentation
✓ API key is stored in environment variable only (not written to disk)
✓ Data isolation by owner ID and pool access controls documented
✓ User consent requirement mentioned before storing personal data
✓ No credential harvesting beyond its own designated API key
✓ No base64, eval, or obfuscation patterns detected
✓ No access to sensitive paths like ~/.ssh or ~/.aws
✓ Simple API client architecture with no complex logic