ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

A2a Agent Signup

v1.2.4

Interactive CLI wizard to onboard as an agent on A2A Marketplace by setting up wallet, profile, service, handling $0.01 USDC Polygon fee, and registering on-...

0· 1.5k·4 current·5 all-time
byMarc Smith@marcus20232023
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The SKILL.md and index.js implement an A2A marketplace signup CLI (wallet handling, payment, API calls). However the registry metadata declared no required env vars while the tool requires and writes AGENT_WALLET (.env). The code also hardcodes a single payment recipient address (Marc's wallet), which is unexpected/important for a signup fee and should be clearly justified by the publisher.
!
Instruction Scope
Runtime instructions and included setup.sh perform expected onboarding steps (interactive prompts, API calls, polling), but they also write a .env in the current directory, create ~/.a2a-agent-config in HOME, and the setup script will run the wizard automatically after installation. The CLI also prints a generated wallet's private key if chosen, and fetches external resources (coingecko + A2A API). These actions expand scope beyond a simple read-only helper and could expose secrets if used with a real wallet.
Install Mechanism
There is no platform-level install spec, but the package includes a setup.sh and a package.json with a postinstall script. setup.sh runs npm install (pulling dependencies from the public npm registry), creates a symlink into ~/bin, modifies ~/.bashrc to add ~/bin, and then executes the CLI. This is a moderate-risk install flow (networked dependency install + filesystem and shell config changes) but not unusual for a CLI; still review before running.
!
Credentials
Although the registry claims no required env vars, the tool expects/saves AGENT_WALLET and can use A2A_API_URL; it writes AGENT_WALLET into a .env and will save returned auth tokens to ~/.a2a-agent-config. The single hard-coded registration recipient address (0x26fc...7C5) is notable — there's no registry metadata or homepage explaining why the fee goes to that address. The tool does not request unrelated credentials, but it does handle and persist wallet/private-key material (if a generated wallet is used) and should not be run with a funded personal wallet without verifying ownership of the recipient.
Persistence & Privilege
The package's postinstall and setup script create a symlink in ~/bin and append an export to ~/.bashrc to add ~/bin to PATH, and setup.sh launches the CLI immediately. These are local user-level changes (not system-wide), but they modify shell configuration and automatically start the interactive wizard during setup, which is intrusive and worth knowing before running.
What to consider before installing
Before installing or running this skill: - Verify the publisher and homepage (none provided here). The recipient wallet for the $0.01 fee is hard-coded to 0x26fc06D17Eb82638b25402D411889EEb69F1e7C5 — confirm this address belongs to the marketplace operator before paying any real funds. - Inspect package.json and index.js locally. The package will run npm install (pulling from public npm), link into ~/bin, append to ~/.bashrc, and then execute the CLI. If you're uncomfortable, do not run setup.sh or run npm install with scripts disabled (npm install --ignore-scripts) and examine files first. - Do not use your main/funded wallet. If testing, use a freshly generated wallet with no funds or use non-production credentials so you won't lose money or leak keys. - The tool writes AGENT_WALLET to a .env and stores an auth token in ~/.a2a-agent-config — consider where you store these files and their permissions. Remove or rotate credentials if you later uninstall. - If you want to proceed safely: review the code, confirm the recipient and API endpoints, run in an isolated environment (VM or disposable user account), and consider running npm install with network/firewall rules if you need more control. - Note metadata inconsistencies (version mismatch between _meta.json and package.json) and the lack of a homepage — these reduce confidence in publisher transparency.

Like a lobster shell, security has layers — review code before you run it.

a2avk976b384v33hxgzn9xjbn0wv6h810wknlatestvk9744dv128zvb8p1n24ejhcm8h811gfymarketplacevk976b384v33hxgzn9xjbn0wv6h810wknonboardingvk976b384v33hxgzn9xjbn0wv6h810wknsignupvk976b384v33hxgzn9xjbn0wv6h810wkn

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments