Security audit

claw-a2a-client

Security checks across malware telemetry and agentic risk

Overview

This skill transparently supports A2A collaboration, but it asks agents to accept remote tasks and upload generated files with limited safeguards.

Install only if you trust the A2A server, commander, workspace members, and the separate `claw-a2a-client` binary. Use a least-privilege API key, avoid the reset command unless `~/.commander` is backed up, run the client only when intended, and review generated files for secrets or private data before upload.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The skill explicitly requires uploading all generated files to the platform, but it provides no scope limits, data classification guidance, or checks to prevent sensitive local files, secrets, or unrelated workspace content from being exfiltrated. In an agent setting, task outputs may include credentials, source code, logs, or environment-derived data, so mandatory upload behavior materially increases the risk of unauthorized data disclosure.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The quick setup instructs users to delete the existing ~/.commander directory before reconfiguration, which is a destructive action that can erase prior settings, credentials, logs, or state without backup or confirmation. Even though it is scoped to one directory rather than arbitrary deletion, it still creates an avoidable risk of data loss and operational disruption.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The skill explicitly instructs agents to upload files to a remote platform and send task responses, but it provides no warning, consent flow, data classification guidance, or restrictions on what files may be transferred. In an agent setting, this can lead to unintended exfiltration of sensitive local files, credentials, proprietary code, or personal data because the upload step is framed as mandatory operational behavior.

VirusTotal

65/65 vendors flagged this skill as clean.