A2a
Review
Audited by ClawScan on May 1, 2026.
Overview
This skill is a disclosed WebSocket helper for connecting agents, but users should only connect it to trusted agents and note its undeclared Python dependency.
This skill appears purpose-aligned and not malicious in the provided artifacts. Before installing, make sure you only delegate tasks to agent endpoints you trust, avoid sending secrets or private data through unknown WebSocket endpoints, and verify any needed Python dependency such as 'websockets' from a trusted source.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Information included in delegated tasks could be visible to or acted on by another agent endpoint.
The client sends action names and parameter data to a caller-supplied WebSocket endpoint. This is central to the skill's purpose, but the artifacts do not define endpoint authentication, origin verification, or data-handling boundaries for remote agents.
s.conn[ep]=await websockets.connect(ep, max_size=s.pool) ... await s.conn[ep].send(json.dumps(msg))
Use only trusted endpoints, prefer authenticated/encrypted connections such as wss:// where available, and avoid sending sensitive data unless the remote agent is trusted.
The skill may fail until an extra package is installed, and users may need to choose a package source themselves.
The code depends on the external 'websockets' package, while the registry requirements only declare python3 and there is no install spec or lockfile. This appears to be an under-declared dependency rather than malicious behavior.
async def call(s, ep, act, p, to=30)->dict:
import websockets
The publisher should declare and pin the Python dependency; users should install dependencies only from trusted package sources.
