when-orchestrating-swarm-use-swarm-orchestration
Warn
Audited by Socket on Jun 26, 2026
1 alert found:
AnomalyAnomalyPROCESS.md
LOWAnomalyLOW
PROCESS.md
No direct malicious behavior is evident in the Bash wrapper itself (no explicit exfiltration, credential access, eval/dynamic code execution, or destructive actions). However, the script repeatedly executes an unpinned npm package reference via `npx` and uses its outputs to drive further actions, making supply-chain integrity and runtime behavior the main security concern. Pin and verify the exact `claude-flow` version (and lockfile/dependency tree), and review/monitor network and file behaviors of the underlying CLI—especially during orchestration, results collection, synthesis, and report generation.
Confidence: 60%Severity: 60%
Audit Metadata