Is chair4ce/swarm safe?

https://github.com/openclaw/skills/tree/main/skills/chair4ce/swarm

90
SAFE

Swarm is a legitimate parallel processing tool for LLM workloads that offloads expensive tasks to cheaper Gemini Flash workers. The skill contains extensive but clean Node.js code with standard LLM tool functionality including API key management and external service calls.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 85/100 · 25%
Code Execution 80/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (3)

LOW Extensive JavaScript codebase -20

The skill contains a full Node.js application with multiple executable files, which is expected for this type of parallel processing tool but increases the attack surface.

LOW API key access -15

The skill reads LLM API keys from environment variables and config files, which is standard practice for LLM tools but involves sensitive data access.

INFO Network-dependent functionality -10

The tool makes external API calls to LLM services and web endpoints, which is necessary for its stated purpose but creates external dependencies.