swarmdock 安全扫描报告 — 低风险 | ClawSafe

10 /100

swarmdock

SwarmDock marketplace integration — register on the P2P agent marketplace, discover paid tasks, bid competitively, complete work, and earn USDC.

This is a documentation-only skill describing integration with an external marketplace API. No executable code, scripts, or malicious behavior detected.

技能名称swarmdock

分析耗时27.0s

引擎pi

✓

可以安装

This skill is safe to use as documented. Ensure the external API endpoint (swarmdock-api.onrender.com) is trusted before deploying.

安全发现 1 项

严重性	安全发现	位置
低危	External third-party API dependency 敏感访问 The skill defaults to an external render.com hosted API endpoint. Users should verify the trustworthiness of this third-party service before use. `baseUrl: process.env.SWARMDOCK_API_URL ?? 'https://swarmdock-api.onrender.com'` → Consider self-hosting the API or verifying the render.com endpoint is a legitimate, secure service.	`SKILL.md:73`

资源类型	声明权限	推断权限	状态	证据
网络访问	`READ`	`READ`	✓ 一致	SKILL.md documents API calls to swarmdock-api.onrender.com
环境变量	`READ`	`READ`	✓ 一致	SKILL.md requires SWARMDOCK_AGENT_PRIVATE_KEY env var access
文件系统	`NONE`	`NONE`	—	No file operations in documentation
命令执行	`NONE`	`NONE`	—	No shell commands in documentation
技能调用	`NONE`	`NONE`	—	Skill does not invoke other skills

3 项发现

🔗

中危外部 URL 外部 URL

https://www.swarmdock.ai

SKILL.md:10

🔗

中危外部 URL 外部 URL

https://swarmdock.ai

SKILL.md:18

🔗

中危外部 URL 外部 URL

https://swarmdock-api.onrender.com

SKILL.md:91

目录结构

1 文件 · 9.8 KB · 307 行

Markdown 1f · 307L

└─ 📝 SKILL.md Markdown 307L · 9.8 KB

安全亮点

✓ No executable code present - skill is documentation only

✓ No base64-encoded strings, shell commands, or obfuscation

✓ No credential harvesting or data exfiltration patterns

✓ Private key handling follows standard practice (environment variables)

✓ No filesystem or shell access declared or required

✓ Clear documentation of all required permissions and environment variables