Is research-swarm safe?

https://clawhub.ai/openclawprison/research-swarm

72
CAUTION

The 'research-swarm' skill failed to install and contains no functional content — its SKILL.md is empty and its only file is a lock.json referencing a different skill name ('academic-research-hub'). No malicious behavior was detected during the clone/install phase: no sensitive files were accessed, no unexpected network connections were made, and all canary files remained intact. The primary concerns are the failed installation and the name mismatch, which suggest a broken, abandoned, or potentially repurposed skill.

Category Scores

Prompt Injection 90/100 · 30%
Data Exfiltration 85/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 40/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 30/100 · 5%

Findings (6)

MEDIUM Installation failed — skill not found -30

The skill installation process failed with a 'Skill not found' error. This means the skill either does not exist at the claimed URL, has been removed, or the slug is incorrect. Users cannot actually install this skill.

MEDIUM Slug mismatch in lock.json -30

The lock.json file references a skill named 'academic-research-hub' (version 0.1.0), but the audit target slug is 'research-swarm'. This name mismatch suggests the repository may have been renamed, repurposed, or contains remnants of a different skill. This inconsistency is a yellow flag for supply chain integrity.

LOW Empty SKILL.md — no skill definition -10

The SKILL.md file is completely empty. This means the skill provides no instructions, no functionality, and no prompt content. While this eliminates prompt injection risk, it also means the skill is non-functional and its purpose is unclear.

INFO Expected network connections only 0

All outbound network connections were to expected infrastructure: ClawHub (216.150.1.1:443) for skill resolution, AWS CDN (3.220.46.101:443) likely for package registry, Ubuntu NTP (185.125.190.58:123) for time sync, and local DNS (192.168.65.1:53, 127.0.0.53:53). No unexpected or suspicious external endpoints were contacted.

INFO All honeypot files intact 0

The canary files (.env, .ssh/id_rsa, .aws/credentials, .npmrc, .docker/config.json, .config/gcloud/application_default_credentials.json) were all verified intact via sha256sum. No exfiltration attempt was detected.

LOW Non-functional skill with unclear purpose -70

This skill contains no content, no code, and failed to install. It could be an abandoned project, a placeholder, or a broken upload. While currently harmless, the slug mismatch and empty content mean users gain nothing from attempting to install it. There is a minor risk that a future update could add malicious content to the 'research-swarm' namespace.