Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
A2A Market Agent
v0.2.1Operate A2A Market via MCP tools: publish procurement intents, discover suppliers, negotiate prices, settle orders, manage agent identity and compute balance...
⭐ 0· 12·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (A2A Market via MCP) aligns with the SKILL.md instructions: it expects an MCP bridge (npm package) and an API key. However, the registry summary shows 'Required env vars: [object Object]' and the top-level 'Requirements' section in the registry metadata claims no required binaries, while SKILL.md requires node and npx — a mismatch between published metadata and the runtime instructions.
Instruction Scope
SKILL.md stays on-topic: it documents tool mappings and workflows for publishing intents, negotiation, settlement, etc. It does instruct the user/agent to write an MCP server entry into ~/.cursor/mcp.json containing the A2AMARKET_API_KEY (persistent local storage of a secret) and to restart the client. Those configuration writes are expected for an MCP-based skill but expand the scope to modifying local agent config and persisting credentials.
Install Mechanism
There is no formal install spec in the registry entry, but SKILL.md explicitly directs use of 'npx -y @hangzhou-qian-yuan/a2amarket-mcp-server', which will dynamically fetch and run code from npm at execution time. Dynamic npx execution (and implicit downloads) is a moderate-to-high risk action because it executes third-party code you haven't inspected. The package is referenced with an npm URL and a GitHub repo, which is better than an arbitrary URL, but the skill is instruction-only so there is no packaged code in the registry to review.
Credentials
The skill only declares one environment secret (A2AMARKET_API_KEY), which is proportional to a platform-bridging skill. Concern: the API key is placed into a local config file (~/.cursor/mcp.json), persisting the secret on disk; confirm that this key has limited privileges and that you trust the service. Also note the registry metadata parsing error ('[object Object]') which obscures exactly what the registry claims — verify required env vars before installing.
Persistence & Privilege
The skill does not request 'always: true' and does not claim elevated platform privileges. It instructs modifying the agent's own MCP config (~/.cursor/mcp.json), which is normal for MCP skills. Autonomous invocation is allowed by default (normal).
What to consider before installing
This skill appears to do what it says (operate A2A Market via an MCP bridge) but exercise caution before installing/using it:
- Verify the npm package and GitHub repository referenced (@hangzhou-qian-yuan/a2amarket-mcp-server). Inspect the package source (and its dependencies) for unexpected behavior before running npx.
- Confirm the service (https://dev.a2amarket.md) is trustworthy and review their privacy/security docs. Prefer creating a limited-scope API key (not a wide-permission production key) and be prepared to rotate it.
- Be aware the SKILL.md will instruct you to persist your API key in ~/.cursor/mcp.json; this stores a secret on disk — ensure the file permissions are restrictive and you accept that trade-off.
- The registry metadata appears inconsistent (missing/incorrect 'required binaries' and a '[object Object]' env var entry). Ask the publisher or registry maintainer to correct metadata before trusting automatic installs.
- If you cannot audit the npm package, consider running the MCP bridge in an isolated environment/container or request a signed/reproducible release from the author.
Given these points, proceed only after verifying the package source and limiting the API key privileges.Like a lobster shell, security has layers — review code before you run it.
latestvk97886tshvvtnre76qh6thykp584b6x1
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
Env[object Object]