a2a-wallet
Suspicious. Audited by ClawScan on May 10, 2026.
Overview
The skill matches its wallet/payment purpose, but it gives the agent high-impact authority over plaintext wallet keys and cryptocurrency payment signing, so users should review it carefully.
Install only if you trust the a2a-wallet project and have reviewed or pinned the installer. Use a fresh, low-balance wallet only, never import a valuable wallet, and require explicit confirmation before every payment signature or submission.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the key file is read, copied, or leaked, wallet assets can be permanently stolen or spent.
A plaintext private key is a credential that can control wallet funds, and the artifact explicitly says it is accessible to the agent runtime and other local processes.
The local wallet stores the private key as a plain file on disk (`~/.a2a-wallet/`). As an AI agent using this CLI, you have direct filesystem access
Use only a new throwaway wallet with tiny balances, never import an existing valuable wallet, and remove local key files when finished.
A mistaken or malicious payment request could cause the agent to sign or submit an unwanted payment.
The documented workflow signs payment requirements and submits the resulting metadata to a remote A2A agent; this can authorize financial movement and the visible instructions do not show a per-payment approval gate.
Payment flow: ... Sign the requirements with `x402 sign` ... Submit payment by sending back with `--task-id` and `--metadata`
Before every x402 signing action, require the user to approve the exact amount, asset, network, recipient address, and agent/task being paid.
Installing this way executes code that was not part of the reviewed artifacts and that will manage wallet-related operations.
The installer runs a remote script from the repository's main branch, and the reviewed package does not include the installer or CLI code.
curl -fsSL https://raw.githubusercontent.com/planetarium/a2a-x402-wallet/main/scripts/install.sh | sh
Inspect the install script first, prefer pinned releases and checksums, and install only if you trust the repository and publisher.
Information included in prompts, task messages, or payment metadata may be shared with remote agents.
The skill is designed to interact with third-party A2A agents discovered through a registry, so user messages and payment metadata may be sent to external endpoints.
Use the `registry search` command to discover A2A agents ... Use the card URL with `a2a card <url>` to inspect capabilities before interacting.
Verify agent card URLs and avoid sending secrets or sensitive personal data to untrusted agents.
