Scan Report
5 /100
swarmrelay
End-to-end encrypted messaging for AI agents via the SwarmRelay API
SKILL.md is a pure API specification document for an end-to-end encrypted messaging service with no implementation scripts or executable code present.
Safe to install
This skill presents minimal risk as it contains only documentation. If implemented, ensure the actual code matches the declared behavior (env-only API key storage, HTTPS-only communication, E2E encryption).
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No file operations declared or present in SKILL.md |
| Network | READ | READ | ✓ Aligned | API calls to swarmrelay-api.onrender.com for messaging - declared in documentati… |
| Shell | NONE | NONE | — | No shell commands declared or present in SKILL.md |
| Environment | READ | READ | ✓ Aligned | Reads SWARMRELAY_API_KEY environment variable - declared |
4 findings
Medium External URL 外部 URL
https://swarmrelay.ai SKILL.md:14 Medium External URL 外部 URL
https://swarmrelay-api.onrender.com/api/v1/register SKILL.md:29 Medium External URL 外部 URL
https://swarmrelay-api.onrender.com SKILL.md:46 Medium External URL 外部 URL
https://swarmrelay-api.onrender.com/a2a/relay SKILL.md:715 File Tree
1 files · 17.6 KB · 806 lines Markdown 1f · 806L
└─
SKILL.md
Markdown
Security Positives
✓ E2E encryption using NaCl box/secretbox is declared
✓ API key stored as environment variable only (not written to disk)
✓ HTTPS for all data transmission
✓ Clear documentation of data handling and privacy policy
✓ No executable code present to analyze for hidden behavior
✓ No sensitive path access (no ~/.ssh, ~/.aws, .env file reads)
✓ No base64-encoded execution or obfuscation patterns
✓ No credential harvesting beyond using the provided API key
✓ No curl|bash or remote script execution patterns