Ucp Checkout A2a
Pass
Audited by VirusTotal on May 13, 2026.
Overview
Type: OpenClaw Skill
Name: ucp-checkout-a2a
Version: 1.0.0
The skill bundle provides architectural guidance and protocol specifications for implementing Agent-to-Agent (A2A) commerce via the Universal Commerce Protocol (UCP). It contains no executable code and directs the agent to legitimate external documentation and sample repositories (ucp.dev, google.github.io, and github.com). The instructions in SKILL.md are consistent with the stated purpose of building commerce flows and do not exhibit signs of malicious intent or prompt injection attacks.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used carelessly, an implementation based on this guidance could let an agent progress through purchase steps without enough human oversight.
The skill explicitly targets autonomous checkout flows. This is purpose-aligned, but implementations should require clear user authorization, spending constraints, and review points before purchases are completed.
Fully autonomous agent-to-agent commerce (no human in the loop for most steps)
Add explicit user-confirmation, budget, merchant, item, and cancellation requirements when implementing checkout behavior.
Payment credentials or delegated checkout credentials could authorize real transactions if mishandled.
The protocol carries payment credentials as part of checkout completion. This is expected for a checkout integration, but it is sensitive authority.
`a2a.ucp.checkout.payment_data` | Platform Business | Payment credentials for completion
Use least-privilege payment tokens, avoid logging credentials, require user authorization, and follow the live UCP/AP2 security requirements.
The implementation may depend on external content that can change after this review.
The skill relies on live external reference material and sample code. This is reasonable for protocol implementation, but fetched content is not pinned or included in the reviewed artifact.
fetch the latest sample A2A Business Agent from https://github.com/Universal-Commerce-Protocol/samples
Review and pin the exact specification and sample commit used before copying code or building payment flows.
A checkout agent could send sensitive checkout data to the wrong or untrusted business agent if discovery and identity checks are weak.
The skill is specifically about inter-agent communication for checkout. This is core to the stated purpose, but agent identity, endpoint validation, and message authorization are important boundaries.
A2A (Agent-to-Agent) is a protocol for autonomous inter-agent communication. UCP's A2A binding lets a Platform agent talk to a Business agent using structured messages
Validate Agent Cards, endpoints, UCP headers, signatures, and authorization credentials before sending checkout or payment data.
