A2A Inter-Agent Communication Protocol

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a disclosed agent-to-agent communication guide, but it also describes forwarding conversations to a Feishu group without enough privacy or consent detail.

Review before installing or enabling the Feishu observer path. If you use this skill, treat A2A messages as potentially sensitive, keep the Feishu integration disabled unless explicitly needed, use dedicated low-privilege Feishu credentials, and avoid forwarding secrets, personal data, or confidential operational content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The skill is presented as peer-to-peer A2A communication, but the documentation also adds a Feishu notification path that forwards conversations to a human-observation group. That is a material capability expansion because it introduces third-party data disclosure outside the stated purpose and can expose agent messages, prompts, or sensitive content to external observers.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
Human-observer message pushing is not necessary for core A2A peer communication and creates an unjustified extra channel for exfiltration of conversation data. In this context, adding a human-facing external sink increases privacy and insider-exposure risk, especially because agents may exchange operational or sensitive information that was expected to remain machine-to-machine.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The documentation describes forwarding conversations to Feishu using external-service credentials, but provides no warning about privacy, retention, access, or compliance implications. This can lead operators to enable external transmission of sensitive chat content without understanding that data may leave the local agent environment and become accessible to third parties or logged by the platform.

VirusTotal

64/64 vendors flagged this skill as clean.
