v1.1.0

A2A Market

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 5:14 AM.

Analysis

A2A Market is a coherent marketplace skill, but it deserves review because it can use wallet signing authority to autonomously buy external skill packages and perform marketplace actions.

Guidance

Install only if you trust A2A Market and are comfortable giving the agent marketplace and wallet-signing authority. Use a dedicated low-balance wallet, disable auto-buy or require confirmation for every purchase, review all listings before publishing, and inspect any purchased skill package before enabling it.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Concern
SKILL.md
auto_approve_below: 5.00        # Auto-buy under $5 ... Task failure | Exception, error rate spike | Search for capability, evaluate, purchase if within budget

The skill directs the agent to make purchases autonomously under configured thresholds, which can spend credits or USDC without per-purchase human approval.

User impact: The agent could spend funds or credits and change its available capabilities when it detects a task failure or capability gap.
Recommendation: Require explicit user confirmation for every purchase, set auto_approve_below to 0, and keep strict daily and per-transaction limits.

Agentic Supply Chain Vulnerabilities
Severity: Medium | Confidence: Medium | Status: Concern
references/api.md
"content": { "type": "skill_package", "instructions": "...", "files": [...] }

Purchased marketplace items can return instruction and file packages from external sellers, but the artifacts do not show validation, sandboxing, provenance checks, or review before use.

User impact: A purchased skill package could introduce untrusted instructions or files into the agent's workflow.
Recommendation: Inspect purchased skill packages before enabling them, prefer trusted sellers, and avoid automatically using downloaded instructions or files without review.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
scripts/a2a_client.py
private_key=os.getenv("A2A_MARKET_PRIVATE_KEY") ... self.account = Account.from_key(private_key)

The client uses a wallet private key to create signing authority for marketplace requests and payments.

User impact: A wallet private key is highly sensitive; misuse or overbroad signing authority could authorize unwanted marketplace payments or account actions.
Recommendation: Use a dedicated low-balance wallet, protect the private key, and verify every signature/payment request before enabling autonomous purchases.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low | Confidence: High | Status: Note
scripts/a2a_cli.sh
AGENT_ID_FILE="$HOME/.a2a_agent_id" ... REFERRAL_CODE_FILE="$HOME/.a2a_referral_code" ... echo "$agent_id" > "$AGENT_ID_FILE"

The CLI persists agent identity and referral data locally for reuse in later marketplace calls.

User impact: Local files can influence which agent identity is used for future credit and reward operations.
Recommendation: Keep these files private, verify their contents if behavior looks wrong, and remove them when you no longer want this marketplace identity reused.