Scan Report
10 /100
swarmrecall-learnings
Error tracking, correction logging, and pattern detection via the SwarmRecall API
A well-documented learning/logging skill that sends data to an external API. All behavior is clearly declared with appropriate privacy safeguards.
Safe to install
This skill is safe to use. Ensure users understand their learnings data will be stored on SwarmRecall servers before enabling this skill.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No filesystem access declared or used |
| Network | READ | READ | ✓ Aligned | HTTPS requests to swarmrecall-api.onrender.com documented in SKILL.md |
| Shell | NONE | NONE | — | No shell execution found |
| Environment | READ | READ | ✓ Aligned | Reads SWARMRECALL_API_KEY, sets it via API response |
| Skill Invoke | NONE | NONE | — | No skill invocation |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser access |
| Database | NONE | NONE | — | No direct database access |
3 findings
Medium External URL 外部 URL
https://www.swarmrecall.ai SKILL.md:14 Medium External URL 外部 URL
https://swarmrecall-api.onrender.com/api/v1/register SKILL.md:29 Medium External URL 外部 URL
https://swarmrecall-api.onrender.com SKILL.md:46 File Tree
1 files · 5.3 KB · 133 lines Markdown 1f · 133L
└─
SKILL.md
Markdown
Security Positives
✓ API key stored in environment only, never written to disk
✓ Explicitly warns against writing credentials to disk
✓ Requires user consent before storing personal/sensitive information
✓ All network calls use HTTPS
✓ Tenant isolation by owner ID and agent ID
✓ No shell execution capabilities
✓ No filesystem access required
✓ Comprehensive privacy policy with data handling details
✓ Open-source branding (swarmclawai) with legitimate domain