OpenA2A Security
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill has a legitimate security-audit purpose, but it asks your agent to run an unpinned external npm scanner against your OpenClaw files and credentials while making strong local-only safety claims.
Treat this as a review-before-use skill. Its goal is legitimate, but before installing or running it, verify the hackmyagent npm package and prefer a pinned version. Run it manually or in a constrained environment if ~/.openclaw contains API keys, tokens, or private skill data, and do not rely solely on the stated no-data-leaves-your-machine claim.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the scan may execute code fetched or resolved from npm with access to local OpenClaw configuration and credential-related files.
The skill's core workflow executes an npm-hosted CLI through npx against the user's OpenClaw directory, but the package is not pinned and no source, lockfile, or install specification is provided for review.
exec:
- npx hackmyagent
...
npx hackmyagent secure ~/.openclawUse only after verifying the hackmyagent package source and version. Prefer a pinned version, reviewed package provenance, and manual execution if the directory contains sensitive credentials.
A trusted scanner can help find exposed credentials, but an untrusted or compromised scanner could learn sensitive account or API information from local files.
Credential inspection is expected for a security-audit skill, but it means the scanner is intended to examine sensitive OpenClaw credential and configuration state.
Credential Audit Check for exposed credentials, weak file permissions, and plaintext storage
Run this only with a scanner you trust, and review which files under ~/.openclaw will be accessed before scanning credential storage.
Users may over-trust the skill and allow it to inspect sensitive files without independently verifying the scanner implementation.
The absolute privacy assurance is not backed by included scanner code or a pinned dependency; the main action relies on an external npx package whose behavior cannot be verified from the supplied artifacts.
This skill runs entirely locally. No data leaves your machine. No API keys required.
Avoid absolute privacy claims unless the executed scanner is included or verifiably pinned. Tell users to verify the package and run it in a constrained environment when possible.