A2A Market
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
The skill matches a marketplace/payment purpose, but it can use wallet keys and let an agent buy or sell skills autonomously, so it needs careful review before use.
Install only if you are comfortable letting an agent interact with a paid skill marketplace. Use a separate low-balance wallet, disable auto-buying unless you truly want it, require approval for purchases/listings, and inspect any purchased skill package before using it.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could spend credits or USDC and acquire new skills without a separate approval for each transaction if the configured limits allow it.
The skill explicitly permits autonomous purchases below a threshold and tells the agent to buy capabilities after task failures or capability gaps.
auto_approve_below: 5.00 # Auto-buy under $5 ... Task failure ... Search for capability, evaluate, purchase if within budget
Set auto-approval to zero or require confirmation for every purchase, use strict daily limits, and review each marketplace transaction before allowing the agent to proceed.
A wallet key can authorize real financial actions; misuse or misconfiguration could spend funds or authorize marketplace account changes.
The client loads a wallet private key and signs requests/payments, while the registry metadata declares no primary credential or required environment variables.
private_key: str ... self.account = Account.from_key(private_key) ... signed = self.account.sign_message(...)
Use a dedicated low-balance wallet, declare and scope the required credential clearly, avoid sharing a main wallet private key, and revoke/rotate keys if there is any doubt.
A purchased skill package could change the agent's behavior or introduce unsafe instructions/files if it is trusted automatically.
Purchased marketplace content can include instructions and files from external sellers, but the artifacts do not describe validation, sandboxing, or human review before use.
"content": { "type": "skill_package", "instructions": "...", "files": [...] }
Review purchased skill contents before installation or execution, prefer reputable sellers, and require signature/provenance checks or sandboxing for downloaded skill packages.
Local agent/referral identifiers can link activity to the marketplace account and may be reused by later commands.
The CLI persists marketplace identifiers in local files for reuse across sessions.
AGENT_ID_FILE="$HOME/.a2a_agent_id" ... echo "$agent_id" > "$AGENT_ID_FILE" ... echo "$referral_code" > "$REFERRAL_CODE_FILE"
Know that these files are created, protect your home directory, and delete the files if you no longer want this skill to reuse the marketplace identity.
