中文 EN

扫描报告

扫描新文件

低风险 — 风险评分 10/100
上次扫描:1 天前 重新扫描
10 /100
claude-swarm
Claude-native multi-agent swarm orchestration for parallel coding via git worktrees and tmux
A legitimate multi-agent orchestration tool for spawning Claude Code agents in parallel via git worktrees and tmux, with properly documented capabilities. No malicious behavior, hidden exfiltration, or undocumented sensitive access observed.
技能名称claude-swarm
分析耗时47.5s
引擎pi
可以安装
Verify that SWARM_WEBHOOK_URL and SWARM_TELEGRAM_BOT_TOKEN/SWARM_TELEGRAM_CHAT_ID point to trusted endpoints. Pin dependency versions in requirements.txt before auto-install. Consider documenting that spawned agents run with bypassPermissions.

安全发现 2 项

严重性 安全发现 位置
低危
Auto-install of unpinned dependencies 供应链
spawn-agent.sh auto-installs from requirements.txt without version pinning, which could pull unexpected versions of packages at runtime.
pip install -r requirements.txt 2>/dev/null || true
→ Pin package versions (e.g., pip install -r requirements.txt --require-hashes) or disable auto-install and require manual setup.
 scripts/spawn-agent.sh:95
低危
bypassPermissions not explicitly declared in SKILL.md 文档欺骗
Spawned Claude Code agents run with --permission-mode bypassPermissions, which grants elevated permissions. This is visible in the runner script but not mentioned in SKILL.md documentation.
claude --model "$MODEL" --effort "$EFFORT" --permission-mode bypassPermissions --print "$PROMPT"
→ Document that spawned agents operate with bypassPermissions in SKILL.md so users understand the privilege model.
 scripts/spawn-agent.sh:125
资源类型声明权限推断权限状态证据
命令执行 NONE WRITE ✓ 一致 Spawns Claude Code agents via tmux with bypassPermissions — shell access is core…
文件系统 NONE WRITE ✓ 一致 Creates worktrees, writes logs, writes runner scripts — all scoped to project di…
网络访问 READ READ ✓ 一致 Webhook/Telegram POSTs only to user-configured SWARM_WEBHOOK_URL / SWARM_TELEGRA…
环境变量 NONE READ ✓ 一致 Reads SWARM_* config vars from swarm.conf via 'source'; does not harvest keys br…
1 项发现
🔗
中危 外部 URL 外部 URL
https://api.telegram.org/bot$
scripts/notify.sh:22

目录结构

10 文件 · 28.7 KB · 792 行
Shell 8f · 658L Markdown 1f · 105L JSON 1f · 29L
├─ 📁 config
│ └─ 📋 duty-table.json JSON 29L · 748 B
├─ 📁 scripts
│ ├─ 🔧 check-agents.sh Shell 24L · 760 B
│ ├─ 🔧 cleanup.sh Shell 45L · 1.2 KB
│ ├─ 🔧 endorse-task.sh Shell 8L · 391 B
│ ├─ 🔧 integration-watcher.sh Shell 150L · 5.5 KB
│ ├─ 🔧 notify-on-complete.sh Shell 89L · 3.4 KB
│ ├─ 🔧 notify.sh Shell 36L · 1.0 KB
│ ├─ 🔧 spawn-agent.sh Shell 230L · 8.7 KB
│ └─ 🔧 spawn-batch.sh Shell 76L · 3.0 KB
└─ 📝 SKILL.md Markdown 105L · 4.0 KB

依赖分析 1 项

包名版本来源已知漏洞备注
requirements.txt unpinned pip Auto-installed without version pinning or hash verification

安全亮点

✓ No base64 encoding, obfuscation, or anti-analysis techniques found
✓ No credential harvesting (API keys, SSH keys, .env scanning)
✓ No hardcoded external IPs or C2 communication patterns
✓ Webhook/Telegram calls are user-configured, not hardcoded
✓ Endorsement gate provides a manual safety check before agent spawning
✓ Agents run in isolated git worktrees with bounded scope
✓ All network calls are conditional and opt-in via config
✓ No cron jobs, backdoors, or persistence mechanisms
✓ Cleanup script properly removes worktrees and sessions
✓ Code is readable, self-contained shell scripts with no third-party dependencies