Skillv1.0.6

ClawScan security

a2a-wallet · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 24, 2026, 5:16 AM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill's declared purpose (control a local a2a-wallet CLI and do x402 signing) matches its instructions; the main risks are standard for a CLI wallet (local key files, remote install script), not evidence of misdirection.
Guidance: This skill appears to do what it says (control the a2a-wallet CLI and perform x402 payment signing). The main real risks are operational, not covert: the CLI stores private keys on disk (~/.a2a-wallet) in plaintext and INSTALL.md suggests installing via curl | sh from a GitHub raw URL. Before installing or using this skill: (1) Do not import production/private funds into wallets managed by this CLI; treat wallets as development/test only. (2) Inspect the install script on GitHub rather than blindly running curl | sh; prefer downloading signed releases or binaries. (3) If you must use a local wallet, keep only tiny test balances and consider using a dedicated VM/container or hardware wallet for anything important. (4) Verify the repository and release pages yourself (the SKILL.md references a GitHub repo at github.com/planetarium/a2a-x402-wallet). If you want stronger assurance, ask the skill author for a release artifact (checksum/signature) or a vetted package manager distribution instead of running the raw install script.

Review Dimensions

Purpose & Capability: okName/description match the SKILL.md: it documents CLI commands for agent discovery, sending, x402 signing, wallet management, balance and faucet. Nothing requested (no env vars, no strange binaries) is unrelated to a wallet/CLI client.
Instruction Scope: noteThe instructions tell an agent to use the a2a-wallet CLI and show exact commands for signing and sending metadata. They responsibly warn that local wallets store private keys plaintext under ~/.a2a-wallet and instruct the user to avoid using significant funds. The SKILL.md does not itself instruct the agent to read arbitrary host files or exfiltrate secrets, but because the skill is a wallet client it implies filesystem access to private keys — the user (and agent) must be careful not to expose those files. The guidance to confirm user acceptance of risks is appropriate but relies on the agent enforcing it.
Install Mechanism: concernThere is no registry install spec, but INSTALL.md recommends curl -fsSL https://raw.githubusercontent.com/planetarium/a2a-x402-wallet/main/scripts/install.sh | sh. Piping a remote script to sh executes code fetched at install time (moderate risk). The URL is a GitHub raw URL that matches the repository declared in SKILL.md metadata, which reduces but does not eliminate risk. Recommend manual inspection of the install script or installing from official releases/binaries rather than curl|sh.
Credentials: okThe skill declares no required environment variables or credentials. The CLI supports configuring tokens/URLs, and the SKILL.md notes possible custodial services (Privy) and the need for on-chain addresses, but nothing in the skill asks for unrelated secrets. This is proportionate for a wallet CLI.
Persistence & Privilege: okalways is false, model invocation is allowed (the platform default). The skill does not request persistent system-wide privileges or modify other skills' configuration. The primary danger is normal for wallet software: local key files that remain on disk.