Scan Report
0 /100
swarmrecall-skills
Skill registry for tracking agent capabilities and getting contextual suggestions via the SwarmRecall API.
This is a pure-documentation skill (SKILL.md only) that declares its remote API calls, credential handling, and data flow transparently with no hidden functionality.
Safe to install
No action needed. This skill is safe to use. Optionally clarify the 'persistence' tag in metadata to avoid confusion about its meaning (registry persistence vs. system persistence).
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | SKILL.md: No file read/write operations described or implied. |
| Network | READ | READ | ✓ Aligned | SKILL.md:29-38,47-48 — All network calls (register, GET/PATCH/DELETE skills) ful… |
| Shell | NONE | NONE | — | SKILL.md: No shell or subprocess usage described. |
| Environment | READ | READ | ✓ Aligned | SKILL.md:13 — Requires SWARMRECALL_API_KEY env var; explicitly states not to wri… |
| Skill Invoke | NONE | NONE | — | SKILL.md: No skill_invoke capabilities used. |
| Clipboard | NONE | NONE | — | SKILL.md: No clipboard access. |
| Browser | NONE | NONE | — | SKILL.md: No browser usage. |
| Database | NONE | NONE | — | SKILL.md: No direct database access; remote PostgreSQL is server-side (declared)… |
3 findings
Medium External URL 外部 URL
https://www.swarmrecall.ai SKILL.md:14 Medium External URL 外部 URL
https://swarmrecall-api.onrender.com/api/v1/register SKILL.md:29 Medium External URL 外部 URL
https://swarmrecall-api.onrender.com SKILL.md:46 File Tree
1 files · 4.0 KB · 113 lines Markdown 1f · 113L
└─
SKILL.md
Markdown
Security Positives
✓ All network calls to swarmrecall-api.onrender.com are explicitly declared in SKILL.md
✓ Credential (SWARMRECALL_API_KEY) handling is documented and explicitly forbids disk writes
✓ Privacy policy and data isolation (tenant/owner/agent scoped) are declared
✓ HTTPS is confirmed for all data transmission
✓ No obfuscation, base64, eval, or anti-analysis patterns present
✓ No credential harvesting beyond the declared API key
✓ No file system, shell, or clipboard access attempted
✓ Only one file (SKILL.md) — no hidden scripts or supply chain dependencies
✓ Tag 'persistence' refers to registry persistence (sharing skills), not system backdoors