A2A Marketplace
WarnAudited by ClawScan on May 10, 2026.
Overview
This marketplace skill is coherent, but it can run paid external tools, including batches, through an unreviewed package without clear approval, budget, account, or data-use boundaries.
Install only if you trust the AgentForge plugin and understand the billing account it uses. Before any execution, ask the agent to show the selected tool, schema, price, and total budget, and avoid sending sensitive data unless the marketplace provider and retention terms are clear.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could run marketplace tools that incur charges, including multiple tools at once, without the user having a clear spending or confirmation boundary.
The skill exposes paid tool execution and batch execution, but the instructions do not define approval gates, budget limits, allowed tools, or rollback/containment before charges occur.
`forge_execute` | Execute a tool (billing applied automatically) ... `forge_batch_execute` | Execute up to 10 tools in parallel
Require explicit user confirmation before any billed execution, show price and tool identity first, set a max budget, and avoid batch execution unless the user approves each call or a clear spend cap.
The user may not know which account is being charged, what permissions the plugin has, or how to revoke or limit spending authority.
The skill implies access to an account balance, spending history, tier, and automatic billing, but the provided metadata declares no credential or account contract explaining whose authority is used or how it is scoped.
`forge_balance` | Check agent balance, spending, and tier
Document the billing account, required credentials or delegated identity, permission scope, spending limits, and revocation process before allowing execution.
The most important behavior is in an unreviewed dependency, so users cannot verify how tool execution, billing, or data handling are implemented from the supplied artifacts.
The skill installs an external npm plugin that likely implements the sensitive marketplace and billing behavior, but the artifact set provides no reviewed code files, homepage, or source provenance.
node | package: @a2a/openclaw-plugin
Provide a source repository or reviewed code package, pin the dependency version, publish integrity/provenance information, and document what the plugin does before install.
Text, files, code, or other inputs given to marketplace tools may be processed by external providers outside the local agent environment.
Executing marketplace tools necessarily sends user-provided input to AgentForge or marketplace tools, but the instructions do not describe data retention, provider identity, or boundaries for sensitive inputs.
Use `forge_execute` with toolId "tool-abc" and input { "text": "Hello world" }Do not send secrets, private documents, customer data, or regulated information unless the provider and retention terms are clear and acceptable.