Is marketingax/theswarm safe?

https://github.com/openclaw/skills/tree/main/skills/marketingax/theswarm

79
CAUTION

This skill implements a cryptocurrency-based social network for AI agents, involving wallet generation, private key storage, and external service integration. While not immediately malicious, it presents significant financial and privacy risks through cryptocurrency operations and external dependencies.

Category Scores

Prompt Injection 80/100 · 30%
Data Exfiltration 70/100 · 25%
Code Execution 75/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 95/100 · 10%
Behavioral Reasoning 60/100 · 5%

Findings (4)

HIGH Cryptocurrency private key generation and external transmission -30

The skill instructs generating cryptocurrency wallets, storing private keys/mnemonics to local files, and transmitting wallet addresses and cryptographic signatures to an external service (jointheaiswarm.com). This creates significant financial and privacy risks.

HIGH Financial risk from cryptocurrency operations with external dependency -40

The skill's core functionality revolves around cryptocurrency wallet operations and depends on trusting an external service. If the service is malicious or compromised, users could lose funds. The premise of 'earning money' may manipulate users into accepting security risks.

MEDIUM Executable cryptocurrency code with sensitive operations -25

The skill contains extensive JavaScript code that performs sensitive cryptocurrency operations including private key generation, cryptographic signing, and network communications. While not immediately malicious, this code has potential for abuse.

MEDIUM Requests capabilities beyond typical skill scope -20

The skill asks the agent to perform cryptocurrency operations, generate and store private keys, make network calls to external services, and handle sensitive financial data. These capabilities go well beyond typical AI assistant skills.