swarmclaw

Name: swarmclaw
Author: swarmclawai

Issues

Open-source self-hosted AI agent runtime and multi-agent framework for autonomous agent swarms. Agent memory, MCP tools, schedules, delegation, and 23+ LLM providers (Claude, GPT, Gemini, OpenRouter, Ollama). A practical Claude Code and LangChain alternative.

532stars

106forks

TypeScript

Added 4/14/2026

View on GitHub Download ZIP

AI Agentsagent-frameworkagent-memoryagent-runtimeagent-swarmagentsaiai-agent-frameworkai-agentsautonomous-agentsclaudeclaude-code-alternativelangchain-alternativellmmcpmcp-servermulti-agentollamaopenclaworchestrationself-hosted

Installation

# Add to your Claude Code skills
git clone https://github.com/swarmclawai/swarmclaw

Getting Started

Guides for using ai agents skills like swarmclaw.

Security ReportIssues

Last scanned: 5/17/2026

{
  "issues": [
    {
      "type": "npm-audit",
      "message": "@anthropic-ai/sdk: Claude SDK for TypeScript has Insecure Default File Permissions in Local Filesystem Memory Tool",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "@aws-sdk/xml-builder: Vulnerability found",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "@electron/node-gyp: Vulnerability found",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "@electron/rebuild: Vulnerability found",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "@google/genai: Vulnerability found",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "@grpc/proto-loader: Vulnerability found",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "@huggingface/transformers: Vulnerability found",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "@mariozechner/pi-agent-core: Vulnerability found",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "@mariozechner/pi-ai: Vulnerability found",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "@mariozechner/pi-coding-agent: Vulnerability found",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "@opentelemetry/exporter-logs-otlp-grpc: Vulnerability found",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "@opentelemetry/exporter-logs-otlp-http: Vulnerability found",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "@opentelemetry/exporter-logs-otlp-proto: Vulnerability found",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "@opentelemetry/exporter-metrics-otlp-grpc: Vulnerability found",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "@opentelemetry/exporter-metrics-otlp-http: Vulnerability found",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "@opentelemetry/exporter-metrics-otlp-proto: Vulnerability found",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "@opentelemetry/exporter-prometheus: Prometheus exporter process crash via malformed HTTP request",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "@opentelemetry/exporter-trace-otlp-grpc: Vulnerability found",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "@opentelemetry/exporter-trace-otlp-http: Vulnerability found",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "@opentelemetry/exporter-trace-otlp-proto: Vulnerability found",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "@opentelemetry/otlp-exporter-base: Vulnerability found",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "@opentelemetry/otlp-grpc-exporter-base: Vulnerability found",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "@opentelemetry/otlp-transformer: Vulnerability found",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "@opentelemetry/sdk-node: Vulnerability found",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "@protobufjs/utf8: protobufjs has overlong UTF-8 decoding",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "@tootallnate/once: @tootallnate/once vulnerable to Incorrect Control Flow Scoping",
      "severity": "low"
    },
    {
      "type": "npm-audit",
      "message": "@whiskeysockets/baileys: Vulnerability found",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "@whiskeysockets/libsignal-node: Vulnerability found",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "@xmldom/xmldom: xmldom: Uncontrolled recursion in XML serialization leads to DoS",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "ajv: ajv has ReDoS when using `$data` option",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "app-builder-lib: Vulnerability found",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "basic-ftp: basic-ftp allows a malicious FTP server to cause client-side denial of service via unbounded multiline control response buffering",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "brace-expansion: brace-expansion: Zero-step sequence causes process hang and memory exhaustion",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "cacache: Vulnerability found",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "dmg-builder: Vulnerability found",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "electron: Electron has ASAR Integrity Bypass via resource modification",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "electron-builder: Vulnerability found",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "electron-builder-squirrel-windows: Vulnerability found",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "express-rate-limit: Vulnerability found",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "fast-uri: fast-uri vulnerable to path traversal via percent-encoded dot segments",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "fast-xml-builder: fast-xml-builder allows attribute values with unwanted quotes to bypass malicious or unwanted attributes",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "fast-xml-parser: fast-xml-parser XMLBuilder: XML Comment and CDATA Injection via Unescaped Delimiters",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "flatted: flatted vulnerable to unbounded recursion DoS in parse() revive phase",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "hono: Hono missing validation of cookie name on write path in setCookie()",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "http-proxy-agent: Vulnerability found",
      "severity": "low"
    },
    {
      "type": "npm-audit",
      "message": "imapflow: Vulnerability found",
      "severity": "low"
    },
    {
      "type": "npm-audit",
      "message": "ip-address: ip-address has XSS in Address6 HTML-emitting methods",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "langsmith: LangSmith Client SDKs has Prototype Pollution in langsmith-sdk via Incomplete `__proto__` Guard in Internal lodash `set()`",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "mailparser: Vulnerability found",
      "severity": "low"
    },
    {
      "type": "npm-audit",
      "message": "make-fetch-happen: Vulnerability found",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "matrix-bot-sdk: Vulnerability found",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "next: Next.js Vulnerable to Denial of Service with Server Components",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "node-gyp: Vulnerability found",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "nodemailer: Nodemailer has SMTP command injection due to unsanitized `envelope.size` parameter",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "onnxruntime-web: Vulnerability found",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "openclaw: Vulnerability found",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "postcss: PostCSS has XSS via Unescaped </style> in its CSS Stringify Output",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "protobufjs: protobuf.js: Code injection through bytes field defaults in generated toObject code",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "qs: qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "request: Server-Side Request Forgery in Request",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "request-promise: Vulnerability found",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "request-promise-core: Vulnerability found",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "sanitize-html: Apostrophe has default XSS via `xmp` raw-text passthrough in `sanitize-html`",
      "severity": "critical"
    },
    {
      "type": "npm-audit",
      "message": "tar: node-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink Path Traversal",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "tough-cookie: tough-cookie Prototype Pollution vulnerability",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "uuid: uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided",
      "severity": "medium"
    }
  ],
  "status": "FAILED",
  "scannedAt": "2026-05-17T06:44:48.826Z",
  "semgrepRan": false,
  "npmAuditRan": true,
  "pipAuditRan": true
}

README.md

SwarmClaw

SwarmClaw is an open-source, self-hosted AI agent runtime and multi-agent framework. Run autonomous AI agents, agent swarms, and orchestrators with heartbeats, schedules, delegation, agent memory, runtime skills, and reviewed conversation-to-skill learning — across OpenClaw gateways, Claude, GPT, Gemini, OpenRouter, Ollama, and 23+ other providers. Use it as your AI agent dashboard, agent orchestration platform, and home base for self-hosted multi-agent AI workflows.

GitHub: https://github.com/swarmclawai/swarmclaw
Docs: https://swarmclaw.ai/docs
Website: https://swarmclaw.ai
Discord: https://discord.gg/sbEavS8cPV
Extension tutorial: https://swarmclaw.ai/docs/extension-tutorial

Screenshots

Requirements

Node.js 22.6+ (nvm use will pick up the repo's .nvmrc, which matches CI)
npm 10+ or another supported package manager
Docker Desktop is recommended for sandbox browser execution
Optional provider CLIs if you want delegated CLI backends such as Claude Code, Codex, OpenCode, Gemini, Copilot, Factory Droid, Cursor Agent, Qwen Code, or Goose

Quick Start

Desktop app (recommended for non-technical users)

Download the one-click installer from swarmclaw.ai/downloads. Available for macOS (Apple Silicon & Intel), Windows, and Linux (AppImage + .deb).

The release workflow supports Developer ID signing and notarization when Apple credentials are configured. If a macOS build is still ad-hoc signed, first launch may need one manual approval:

macOS: right-click the app in Finder → Open → Open to bypass Gatekeeper. If macOS instead reports "SwarmClaw is damaged and can't be opened" (common when the dmg was quarantined by Safari), strip the quarantine attribute and relaunch:
```
xattr -dr com.apple.quarantine /Applications/SwarmClaw.app
```
Windows: if SmartScreen appears, click More info → Run anyway.
Linux (AppImage): chmod +x the downloaded file, then run it.

Data lives in your OS app-data directory (~/Library/Application Support/SwarmClaw, %APPDATA%\SwarmClaw, or ~/.config/SwarmClaw), separate from any CLI or Docker install.

Global install

npm i -g @swarmclawai/swarmclaw
swarmclaw

yarn global add @swarmclawai/swarmclaw
swarmclaw

pnpm add -g @swarmclawai/swarmclaw
swarmclaw

bun add -g @swarmclawai/swarmclaw
swarmclaw

Running swarmclaw starts the server on http://localhost:3456.

From the repo

git clone https://github.com/swarmclawai/swarmclaw.git
cd swarmclaw
nvm use
npm run quickstart

npm run quickstart installs dependencies, prepares local config and runtime state, and starts SwarmClaw.

Docker

git clone https://github.com/swarmclawai/swarmclaw.git
cd swarmclaw
mkdir -p data
touch .env.local
docker compose up -d --build

Then open http://localhost:3456.

ClawHub Skill

Install the SwarmClaw skill for your OpenClaw agents:

openclaw skills install swarmclaw

Browse on ClawHub

v1.9.36 Highlights

Protocol builder visibility release for built-in Structured Sessions.

Built-in flow inspector. Built-in protocol templates now open in a full-size visual builder canvas with a read-only template step panel.
Canvas viewport repair. Builder routes now claim the full dashboard workspace and refit React Flow after async template loads.
Regression coverage. Browser smoke now verifies that the built-in facilitated discussion graph renders with visible flow nodes.

v1.9.35 Highlights

Installed package build fix for fresh npm-global installs and upgrades.

Fallback build dependency fix. The npm package now declares mime-types and @types/mime-types directly so swarmclaw server --build can type-check the OpenClaw media proxy on clean installs.
Installed-build regression guard. CLI/package tests now verify that unbundled type declarations needed by local fallback builds ship as runtime package dependencies.
macOS desktop status. The damaged-app issue remains open until Developer ID signing and Apple notarization are configured and verified on downloaded macOS artifacts.

v1.9.34 Highlights

Credential recovery and external extension access release for npm-global upgrades and scoped agent tool configuration.

Credential secret recovery. Startup now checks prior npm-global build env files before accepting a fresh per-version CREDENTIAL_SECRET, and validates candidate secrets against existing encrypted credentials before persisting DATA_DIR/credential-secret.
Clear connector failures. Connector startup now logs and surfaces credential decrypt failures directly instead of falling through to a misleading "No bot token configured" error.
External extension tools. Scoped agents now keep explicitly attached external *.js and *.mjs extensions, and the agent/chat tool controls persist enabled external tools through the extensions field.
Regression coverage. Added tests for previous-build credential recovery, non-decrypting secret replacement, scoped external extension access, and extension access persistence.

v1.9.33 Highlights

Issue and PR validation release for credential durability, delegated task dispatch, connector output hygiene, and OpenClaw gateway protocol compatibility.

*Credential durability.

Agentic AI for Beginners

Build your first AI agent from scratch - tool use, ReAct pattern, memory, deployment

41 minBeginner

Comments (0)

to leave a comment.

No comments yet. Be the first to share your thoughts!

Related Skills

ECC

by affaan-m

The agent harness performance optimization system. Skills, instincts, memory, security, and research-first development for Claude Code, Codex, Opencode, Cursor and beyond.

197,702

30,395

JavaScript

AI Agentsai-agentsanthropic

View details

Compare

n8n

by n8n-io

Fair-code workflow automation platform with native AI capabilities. Combine visual building with custom code, self-host or cloud, 400+ integrations.

190,157

58,121

TypeScript

MCP Serversaiapis

View details

Compare

everything-claude-code

by affaan-m

The agent harness performance optimization system. Skills, instincts, memory, security, and research-first development for Claude Code, Codex, Opencode, Cursor and beyond.

185,940

28,768

JavaScript

AI Agentsai-agentsanthropic

The agent that grows with you

171,953

28,870

Python

AI Agentsaiai-agent

View details

Compare

claude-code

by anthropics

Claude Code is an agentic coding tool that lives in your terminal, understands your codebase, and helps you code faster by executing routine tasks, explaining complex code, and handling git workflows - all through natural language commands.

120,031

19,897

Shell

AI Agents

An open-source AI agent that brings the power of Gemini directly into your terminal.

104,693

13,922

TypeScript

AI Agentsaiai-agents

View details

Compare

Browse all AI Agents skills

Claude-Ally-Health giselle

SwarmClaw

Screenshots

Requirements

Node.js 22.6+ (nvm use will pick up the repo's .nvmrc, which matches CI)
npm 10+ or another supported package manager
Docker Desktop is recommended for sandbox browser execution
Optional provider CLIs if you want delegated CLI backends such as Claude Code, Codex, OpenCode, Gemini, Copilot, Factory Droid, Cursor Agent, Qwen Code, or Goose

Quick Start

Desktop app (recommended for non-technical users)

Download the one-click installer from swarmclaw.ai/downloads. Available for macOS (Apple Silicon & Intel), Windows, and Linux (AppImage + .deb).

The release workflow supports Developer ID signing and notarization when Apple credentials are configured. If a macOS build is still ad-hoc signed, first launch may need one manual approval:

macOS: right-click the app in Finder → Open → Open to bypass Gatekeeper. If macOS instead reports "SwarmClaw is damaged and can't be opened" (common when the dmg was quarantined by Safari), strip the quarantine attribute and relaunch:
```
xattr -dr com.apple.quarantine /Applications/SwarmClaw.app
```
Windows: if SmartScreen appears, click More info → Run anyway.
Linux (AppImage): chmod +x the downloaded file, then run it.

Data lives in your OS app-data directory (~/Library/Application Support/SwarmClaw, %APPDATA%\SwarmClaw, or ~/.config/SwarmClaw), separate from any CLI or Docker install.

Global install

npm i -g @swarmclawai/swarmclaw
swarmclaw

yarn global add @swarmclawai/swarmclaw
swarmclaw

pnpm add -g @swarmclawai/swarmclaw
swarmclaw

bun add -g @swarmclawai/swarmclaw
swarmclaw

Running swarmclaw starts the server on http://localhost:3456.

From the repo

git clone https://github.com/swarmclawai/swarmclaw.git
cd swarmclaw
nvm use
npm run quickstart

npm run quickstart installs dependencies, prepares local config and runtime state, and starts SwarmClaw.

Docker

git clone https://github.com/swarmclawai/swarmclaw.git
cd swarmclaw
mkdir -p data
touch .env.local
docker compose up -d --build

Then open http://localhost:3456.

ClawHub Skill

Install the SwarmClaw skill for your OpenClaw agents:

openclaw skills install swarmclaw

Browse on ClawHub

v1.9.36 Highlights

Protocol builder visibility release for built-in Structured Sessions.

Built-in flow inspector. Built-in protocol templates now open in a full-size visual builder canvas with a read-only template step panel.
Canvas viewport repair. Builder routes now claim the full dashboard workspace and refit React Flow after async template loads.
Regression coverage. Browser smoke now verifies that the built-in facilitated discussion graph renders with visible flow nodes.

v1.9.35 Highlights

Installed package build fix for fresh npm-global installs and upgrades.

Fallback build dependency fix. The npm package now declares mime-types and @types/mime-types directly so swarmclaw server --build can type-check the OpenClaw media proxy on clean installs.
Installed-build regression guard. CLI/package tests now verify that unbundled type declarations needed by local fallback builds ship as runtime package dependencies.
macOS desktop status. The damaged-app issue remains open until Developer ID signing and Apple notarization are configured and verified on downloaded macOS artifacts.

v1.9.34 Highlights

Credential recovery and external extension access release for npm-global upgrades and scoped agent tool configuration.

Credential secret recovery. Startup now checks prior npm-global build env files before accepting a fresh per-version CREDENTIAL_SECRET, and validates candidate secrets against existing encrypted credentials before persisting DATA_DIR/credential-secret.
Clear connector failures. Connector startup now logs and surfaces credential decrypt failures directly instead of falling through to a misleading "No bot token configured" error.
External extension tools. Scoped agents now keep explicitly attached external *.js and *.mjs extensions, and the agent/chat tool controls persist enabled external tools through the extensions field.
Regression coverage. Added tests for previous-build credential recovery, non-decrypting secret replacement, scoped external extension access, and extension access persistence.

v1.9.33 Highlights

Issue and PR validation release for credential durability, delegated task dispatch, connector output hygiene, and OpenClaw gateway protocol compatibility.

*Credential durability.