A2a Market

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real marketplace skill, but it gives an agent payment and listing authority with controls that are too broad for automatic use.

Review carefully before installing. Use a dedicated low-balance wallet, set auto-approval limits to zero unless you intentionally want autonomous spending, require confirmation for every purchase or listing, and inspect any purchased skill before installing or running it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Missing User Warnings

Medium
Confidence: 91%
Finding
This document gives copy-pasteable commands that perform remote publication to ClawHub and, in the fallback path, create a public GitHub repository without any warning, confirmation step, or disclosure of the visibility and data-exposure consequences. In the context of a marketplace skill that monetizes and distributes agent capabilities, this makes accidental publication of proprietary code, secrets, or unfinished skills more likely.

Vague Triggers

Medium
Confidence: 92%
Finding
The activation criteria are broad enough to trigger on generic words like marketplace, credits, registration, or earning money, which can invoke this skill outside an explicit request to use A2A Market. Because the skill can lead to purchases, registrations, reward claims, and listing actions, overbroad routing materially increases the chance of unintended financial or account-affecting behavior.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill explicitly describes autonomous purchases and automatic daily reward claims without an upfront warning that it may spend funds, consume credits, or perform account actions on the user's behalf. In a payments-enabled marketplace context, lack of prominent consent and transactional disclosure can cause unauthorized purchases, unintended balance changes, and user surprise.

Missing User Warnings

Medium
Confidence: 94%
Finding
The script persists the agent ID and referral code to predictable files in the user's home directory without warning, consent, or any permission hardening. While not remote code execution, these identifiers may be sensitive account-linked tokens in a marketplace/payment context, and other local users or processes could read or reuse them if file permissions are permissive.

Missing User Warnings

Medium
Confidence: 95%
Finding
The register() method persists agent_id and referral_code into predictable files in the user's home directory without prompting, permission hardening, or any disclosure. These identifiers may enable account linkage, credits abuse, referral abuse, or unauthorized use by other local users/processes if the host is shared or compromised.

Missing User Warnings

Medium
Confidence: 97%
Finding
purchase_with_credits() executes a paid marketplace transaction immediately using the agent's credits with no budget enforcement, reputation check, or confirmation callback. In an autonomous marketplace skill, this makes unintended or prompt-influenced purchases much easier and can directly drain account value without user awareness.

Vague Triggers

Medium
Confidence: 89%
Finding
The trigger phrases are broad enough to activate this marketplace skill for generic requests about skills or marketplaces, which can cause unintended routing into a capability that supports purchasing, selling, and monetization workflows. In this context, misrouting is more dangerous than usual because the skill is tied to payments, credits, and autonomous earning behavior, increasing the chance of unwanted transactional actions or exposure to monetization prompts.

Vague Triggers

Medium
Confidence: 93%
Finding
Generic English triggers like "buy skill" and "sell skill" lack namespace or product scoping, so ordinary user requests can invoke this specific marketplace integration even when the user did not intend to use A2A Market. Because the skill supports USDC payments and monetization features, accidental invocation can steer the agent toward commercial or financial actions without sufficiently specific user intent.

VirusTotal

64/64 vendors flagged this skill as clean.