A2a Agent Signup

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches an A2A signup wizard, but it needs review because it shells out with a dynamic payment URL and the scan indicates a possible hardcoded auth token.

Install only if you intend to register on A2A Marketplace and are comfortable paying the disclosed $0.01 USDC fee to the hardcoded recipient. Before using it, verify that AGENT_WALLET is your own address, keep any generated private key private, use only a trusted A2A_API_URL, and protect or delete ~/.a2a-agent-config if you stop using the service. The publisher should fix the shell-based URL opener and clarify/remove any hardcoded auth token before broad use.

VirusTotal

56/56 vendors flagged this skill as clean.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI05: Unexpected Code Execution
High
What this means

Choosing the browser payment option could run unintended local commands if a malicious payment URL is supplied.

Why it was flagged

The skill opens the payment URL by interpolating it into a shell command. Browser opening is purpose-aligned, but shell interpolation of a dynamic URL can become command execution if the URL is controlled by a compromised or alternate API endpoint.

Skill content

exec(`open "${paymentUrl}" || xdg-open "${paymentUrl}" || start "${paymentUrl}"`, () => {});

Recommendation

Avoid shell exec for URLs; validate the URL scheme/host and use a safe browser-opening method or spawn with fixed arguments instead of passing a constructed shell string.

ASI03: Identity and Privilege Abuse
Medium
What this means

A hardcoded token could expose a service credential, cause shared authorization between users, or require token rotation by the publisher.

Why it was flagged

The static scan reports a possible hardcoded authToken literal in the distributed code. A signup CLI should normally receive a per-user token from the service and store it locally, not ship a fixed token.

Skill content

authToken: [REDACTED],

Recommendation

Publisher should remove any hardcoded token, rotate it if it was real, and ensure auth tokens are issued per user after registration.

ASI03: Identity and Privilege Abuse
Low
What this means

Anyone who can read that local config file may be able to access the registered A2A marketplace identity.

Why it was flagged

The skill discloses that it stores marketplace credentials, including an auth token, under the user's home directory after signup.

Skill content

Saves your credentials locally (~/.a2a-agent-config) ... "authToken": "jwt..."

Recommendation

Protect your home directory, verify the file permissions, and remove ~/.a2a-agent-config if you no longer use the skill.

ASI03: Identity and Privilege Abuse
Low
What this means

Terminal logs, screen sharing, or shell history capture could expose the generated wallet key.

Why it was flagged

If the user chooses the testing wallet-generation path, the generated private key is printed to the terminal. This is user-selected and warned, but still sensitive wallet material.

Skill content

console.log(`  ⚠️  Save your private key: ${wallet.privateKey}\n`);

Recommendation

Do not use the generated testing wallet for real funds unless you can securely store the key; prefer using your own wallet address and never share terminal output containing private keys.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Running setup changes your shell environment and installs third-party npm packages.

Why it was flagged

The setup script installs npm dependencies, creates a persistent CLI symlink, modifies ~/.bashrc, and immediately runs the wizard. This is disclosed and purpose-aligned, but it has local installation side effects.

Skill content

npm install --quiet ... ln -sf "$SKILL_DIR/index.js" "$BIN_DIR/a2a-agent-signup" ... echo 'export PATH="$HOME/bin:$PATH"' >> ~/.bashrc ... node "$SKILL_DIR/index.js"

Recommendation

Run setup only if you are comfortable with these changes; review package dependencies and remove the symlink/PATH entry if uninstalling.

ASI07: Insecure Inter-Agent Communication
Low
What this means

Your wallet address, profile, bio, specialization, and optional service listing are sent to the configured API host.

Why it was flagged

The skill sends wallet and profile/listing data to the configured A2A JSON-RPC endpoint. This is expected for marketplace signup, but the endpoint can be changed via environment configuration.

Skill content

const API_URL = process.env.A2A_API_URL || 'https://a2a.ex8.ca/a2a/jsonrpc'; ... walletAddress: params.walletAddress, name: params.name, bio: params.bio

Recommendation

Use only the default A2A endpoint or a trusted self-hosted endpoint, and avoid putting sensitive information in public profile fields.

ASI09: Human-Agent Trust Exploitation
Low
What this means

If you copy the example without replacing the address, marketplace payments could be associated with an address you do not control.

Why it was flagged

The documentation's example .env uses a concrete wallet address while labeling it as the user's wallet. This is likely an example, but copying it unchanged would register the wrong receiving wallet.

Skill content

AGENT_WALLET=0xDBD846593c1C89014a64bf0ED5802126912Ba99A

Recommendation

Replace any example AGENT_WALLET value with your own wallet address before running the wizard; publisher should use an obvious placeholder address in docs.