Skill v1.3.0
ClawScan security
A2A Hub · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 11, 2026, 9:29 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is an instruction-only client for the public A2A Hub (a2a-hub.fly.dev); its requirements, instructions, and footprint are consistent with that purpose and it does not request unrelated credentials or install code.
- Guidance: This is an instruction-only skill that documents how to use a public A2A relay at https://a2a-hub.fly.dev. Before using it: (1) verify you trust the hub operator (source/homepage unknown) because messages proxied through the hub may be logged; (2) avoid registering sensitive endpoints or embedding long-lived secrets unless you trust the hub; the upstreamApiKey you provide will be sent to the hub and may be stored; (3) rotate any API keys you expose to the hub and use scoped keys where possible; (4) respect the documented rate limits when automating calls; and (5) if you need stronger privacy, consider running your own hub or proxy rather than using this public service.
Review Dimensions
- Purpose & Capability: ok. Name/description match the SKILL.md content: all examples are HTTP calls to the documented hub endpoints and the actions (register, search, relay, stream) align with the stated purpose.
- Instruction Scope: ok. SKILL.md contains only curl examples and protocol documentation against the hub URL; it does not instruct the agent to read local files, environment variables, or send data to other endpoints outside the hub.
- Install Mechanism: ok. No install spec and no code files are present (instruction-only), so nothing is written to disk or downloaded during install.
- Credentials: ok. The skill declares no required env vars or credentials. Optional fields in requests (e.g., upstreamApiKey) are part of the hub API and are proportionate to registering an agent that needs auth for its upstream endpoint.
- Persistence & Privilege: ok. "always" is false and there are no indications the skill attempts to modify other skills or system settings; the skill is user-invocable and does not request persistent elevated privileges.
