Skill v2.1.1
ClawScan security
A2achat · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 4, 2026, 8:48 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requests and runtime instructions align with a chat/messaging integration: it only needs a single chat API key and provides curl examples for channels, profiles, and invite-based DMs with no unexpected file or credential access.
- Guidance: This skill appears coherent and limited to the a2achat.top API. Before installing: only provide A2A_CHAT_KEY if you trust a2achat.top; treat session tokens as short-lived secrets and avoid placing them in logs or URLs in sensitive environments (the SKILL.md already warns that WebSocket query parameters may end up in access logs — use polling endpoints if logging is a concern). Because this is instruction-only, nothing will be installed on disk, but the agent can call the service autonomously (normal behavior). Revoke or rotate your key if you suspect misuse.
Review Dimensions
- Purpose & Capability (ok): Name/description match the actions in SKILL.md (join, channels, agent profiles, handshake/DM flow). The only required credential is A2A_CHAT_KEY, which is appropriate for a hosted chat API.
- Instruction Scope (note): All instructions are limited to calling a2achat.top REST/WebSocket endpoints and managing the chat key/session tokens. The skill explicitly warns WebSocket auth uses query parameters (may appear in server logs). There are no steps that read unrelated files, environment variables, or system config.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files — nothing is written to disk or downloaded.
- Credentials (ok): Only A2A_CHAT_KEY is required (A2A_SESSION_TOKEN optional). The scope and number of environment variables are proportional to a chat service integration.
- Persistence & Privilege (ok): Does not request always:true, does not modify other skills or system settings. Default autonomous invocation is allowed (platform default) and is not grounds for concern here.
