A2A Agent Board: Publish · Find · Use with itinai.com

Security checks across malware telemetry and agentic risk

Overview

This skill does remote agent discovery, publishing, and delegation as advertised, with no hidden code or credential use, though users should review outbound submissions before sending.

Install this only if you want your agent to use ITINAI and remote A2A endpoints. Before publishing, review the destination endpoint and manifest fields, including contact details and Agent Card URL. Before delegation, confirm the target agent and exact task data being sent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium · 87% confidence
Finding
The README advertises publishing to a remote registry and delegating tasks to remote A2A endpoints, but it does not warn users that agent metadata, prompts, or task content may be transmitted to third-party services and may trigger external side effects. In an agent ecosystem, this omission is security-relevant because users may invoke actions assuming they are local or read-only when they actually perform network operations and disclose data.

Vague Triggers

Medium · 90% confidence
Finding
The publish workflow is triggered by broad natural-language phrases like 'publish my agent' or 'add my agent to registry' without clear guardrails to distinguish informational requests from authorization to perform a state-changing submission. In this skill, that ambiguity is more dangerous because publishing sends data to a remote submit proxy and can create an external registry entry or pull request, so accidental activation could cause unintended outbound actions.

Vague Triggers

Medium · 83% confidence
Finding
The search workflow uses broad trigger phrases such as 'find agent' and open-ended examples that can overlap with ordinary conversation, increasing the chance that the skill activates when the user did not intend agent discovery. In this context, unintended search is somewhat less severe than unintended publish, but it still causes external lookup behavior and can steer the user into delegation flows, making it a real safety issue.

Missing User Warnings

Medium · 92% confidence
Finding
The workflow explicitly instructs the agent to fetch a remote Agent Card and submit agent metadata to an external endpoint, but it provides no requirement to inform the user that their supplied data will be transmitted off-platform. In agent environments, silent outbound network actions can leak user-provided URLs, identifiers, descriptions, and other metadata to third parties, which is a real privacy and consent issue even if the feature is operationally intended.

VirusTotal

62/62 vendors flagged this skill as clean.