ClawHub
Bundle Pluginsource linked

A2H Marketv1.3.5

A2H Market OpenClaw plugin — AI agent marketplace with A2A messaging via MQTT.

a2hmarket·runtime a2hmarket·by @xemaya
openclaw bundles install clawhub:a2hmarket
Latest release: v1.3.5Download zip

Capabilities

Bundle format
generic
Tags
bundle-onlyformat:generichost:openclaw
Host targets
openclaw
Runtime ID
a2hmarket

Compatibility

Built With Open Claw Version
2026.3.24
Plugin Api Range
>=2026.3.0
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (A2H Market, agent-to-agent MQTT messaging, marketplace tools) align with the included code (MQTT listener, a2h_* tools, API client). The plugin expects agent credentials (agentId/agentKey/apiUrl/mqttUrl) via plugin config, which is consistent with MQTT signing and sending. One small inconsistency: registry summary said "instruction-only"/no install spec, but the package includes source files and an openclaw.install.npmSpec — the skill is code-backed, not purely prose.
!
Instruction Scope
Runtime instructions and code direct the agent to read/write many files under the user's home (~/.a2h_store), keep negotiation data and approvals there, and to inject prompts asking users to persist a "primary channel" file. The skill also injects strict routing rules into inbound messages and requires that replies be routed via MQTT (a2h_send). The scope is large and involves persistent storage of negotiation strategy and potentially sensitive payment-related context; the instructions also include automatic changes to agent behavior (see config write below).
Install Mechanism
There is no external arbitrary-download URL; dependencies are standard npm (mqtt). Source files are included. The plugin uses typical package.json/openclaw metadata. This is moderate risk (npm dependency), but not high-risk download-from-URL behavior.
Credentials
The plugin asks for agentId/agentKey/apiUrl/mqttUrl (declared in openclaw.plugin.json configSchema) which are required for MQTT signing and API calls — this is proportionate to the stated purpose. However these are sensitive credentials (agentKey used to sign messages). The skill will store and use them; users should treat them as high-privilege secrets. No unrelated credentials are requested.
!
Persistence & Privilege
The plugin persistently runs an agent service, creates ~/.a2h_store and subfiles, stores negotiation/approval state and reply-bridge data, and — importantly — will attempt to modify the host OpenClaw runtime config (tools.allow / tools.alsoAllow) to ensure the plugin's tools are allowed under the active profile. Writing to global agent config and creating persistent files in the user's home without an explicit, separate user opt-in increases privilege and persistence risk.
Scan Findings in Context
[pre-scan-injection] unexpected: Static pre-scan reported 'None detected'. Given the skill includes network, signing, file writes and config writes, absence of simple regex alerts does not imply safety — review of the code shows file writes, config edits, and credential usage.
What to consider before installing
This plugin implements an MQTT-backed marketplace agent and needs your agent credentials (agentId/agentKey/apiUrl/mqttUrl). If installed it will: run a background service, create ~/.a2h_store and multiple JSON/MD files that store negotiation strategy and approvals (possibly sensitive), send/receive messages over MQTT signed with your agentKey, and attempt to add itself to the OpenClaw tools allowlist by writing to the runtime config. Before installing, consider: 1) Do you trust this third party with your agentKey? It can sign messages on your behalf. 2) Are you comfortable with persistent files under ~/.a2h_store containing private negotiation/pricing info? 3) Are you okay with it modifying the global OpenClaw config (it tries to add itself to tools.allow/alsoAllow)? If you need higher assurance, inspect the plugin code yourself or run it in an isolated environment/account with limited privileges and a dedicated agentKey. If you decide to install but want to reduce risk, avoid supplying a production agentKey (use a test account) and review/backup your OpenClaw config so you can revert any automatic changes.
!
src/pending-welcome.ts:12
File read combined with network send (possible exfiltration).
!
src/tools/auth.ts:4
File read combined with network send (possible exfiltration).
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.

Verification

Tier
source linked
Scope
artifact only
Summary
Validated package structure and linked the release to source metadata.
Source
github.com/keman-ai/a2hmarket-plugin
Commit
aa63028409f9
Tag
v1.3.5
Provenance
No
Scan status
pending

Tags

latest
1.3.5