v1.0.2

Claw Crony

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 8:19 AM.

Analysis

This appears to be a legitimate A2A setup guide, but it installs unreviewed remote plugin code, opens persistent cross-server agent communication, and stores bearer tokens in agent instructions.

Guidance: Only install this if you intentionally want persistent cross-server agent communication. Before installing, review and pin the remote plugin source, restrict the listening interface or firewall it to trusted peers, keep bearer tokens out of TOOLS.md or other prompt-visible files, and require confirmation before sending sensitive prompts to peer agents.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
git clone https://github.com/ccccl8/claw-crony.git claw-crony
cd claw-crony
npm install --production

The skill installs plugin code from an unpinned remote repository and runs npm installation before loading it into OpenClaw; the package artifacts provided for review do not include that plugin code.

User impact: Installing this could run and persist third-party plugin code that was not included in the reviewed skill artifacts.
Recommendation: Review the GitHub repository, pin a trusted commit or release, inspect dependencies, and prefer an install spec or signed/provenanced package before loading it.
Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
references/tools-md-template.md
When the user says "通过 A2A 让 <PEER_NAME> 做 xxx" / "Send to <PEER_NAME>: xxx" / "Ask <PEER_NAME> to ..." or similar, use the exec tool to run:

node <WORKSPACE>/plugins/claw-crony/skill/scripts/a2a-send.mjs \
  --peer-url http://<PEER_IP>:18800 \
  --token <PEER_TOKEN> \
  --message "YOUR MESSAGE HERE"

The template directs the agent to construct and run a shell command containing a peer token and user-supplied message text, but it does not define escaping, confirmation, or limits for that command.

User impact: A malformed or hostile message could be inserted into a shell invocation, and peer tokens may be exposed through command history, logs, or process listings depending on the environment.
Recommendation: Use a safer non-shell invocation path where possible, escape or pass message content as structured input, avoid putting tokens on the command line, and require user confirmation before sending.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
SKILL.md
openclaw config set plugins.entries.claw-crony.config.security.inboundAuth 'bearer'
openclaw config set plugins.entries.claw-crony.config.security.token "$TOKEN"

Share this token with peers who need to send you messages.

The setup creates and distributes bearer credentials that authorize remote peers to send messages into the agent gateway.

User impact: Anyone with the token may be able to send requests to the configured agent endpoint, so token leakage or over-sharing can grant unwanted agent access.
Recommendation: Use per-peer tokens where supported, limit who receives them, rotate tokens after testing, avoid storing them in broadly visible files, and restrict network access to trusted peers.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium | Confidence: High | Status: Concern
references/tools-md-template.md
Append this section to the agent's `TOOLS.md` file, replacing all `<PLACEHOLDERS>` with actual values.

| Peer | IP | Auth Token |
|------|-----|------------|
| <PEER_NAME> | <PEER_IP> | <PEER_TOKEN> |

The template places peer authentication tokens into persistent agent instructions that may be reused across tasks and exposed to model context.

User impact: A peer token stored in TOOLS.md could be retained in the agent's working context and accidentally revealed or reused outside the intended task.
Recommendation: Store tokens in a dedicated secret store or environment variable instead of persistent prompt text, and keep TOOLS.md limited to non-secret routing names.
Insecure Inter-Agent Communication
Severity: High | Confidence: High | Status: Concern
SKILL.md
openclaw config set plugins.entries.claw-crony.config.server.host '0.0.0.0'
openclaw config set plugins.entries.claw-crony.config.server.port 18800

The A2A gateway is configured to listen on all network interfaces, enabling remote inter-agent communication; the artifacts do not provide clear network allowlisting, peer identity validation beyond bearer tokens, or guidance for treating peer responses as untrusted.

User impact: The agent gateway may become reachable from more networks than intended, and messages from peer agents could influence local agent behavior or expose sensitive task data.
Recommendation: Bind to a private interface where possible, use Tailscale or firewall allowlists, validate peer identities, avoid public exposure, and treat all peer responses as untrusted input.