Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

A2A Match, v1.9.0

A2A Match enables AI agents to create profiles, manage capabilities and needs, and find matching partners through local and cloud-based matching.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name and description (A2A matching) align with the included code (matching engine, intent recognizer, heartbeat, profile storage, client/server). However, the repository and docs also describe a cloud API, a server, webhooks and a Python client SDK, features that go beyond the 'zero-config local' framing in SKILL.md. That divergence (local-first wording vs. explicit cloud endpoints and server code) is noteworthy.
Instruction Scope
SKILL.md focuses on local detection/storage (~/.qclaw/workspace/a2a), heartbeats, and local broadcasts. But it also documents an API client (example: A2AClient('http://your-server:5000')) and exposes workflows for broadcasting, webhooks, messaging and contact exchange. The instructions are ambiguous about when network calls happen and who they contact; the runtime files include both client and server logic, so the skill could be run in purely local mode or wired to remote endpoints. SKILL.md does not clearly limit network activity.
Install Mechanism
There is no install spec (instruction-only from the platform perspective). The package contains Python code and two requirements.txt files (including openai and anthropic). Because nothing is automatically downloaded at install time by the platform, there is lower installer risk; the main risk is runtime behavior of the included code.
Credentials
The skill declares no required environment variables or primary credential, yet requirements.txt includes openai and anthropic (LLM client libraries) and the code reads QCLAW_WORKSPACE for storage. The codebase and docs reference JWT/Bearer auth, webhook secrets, and cloud API endpoints, none of which are declared in the skill metadata. This mismatch (code that likely needs API keys or network credentials vs. no declared env vars) is incoherent and could surprise users.
Persistence & Privilege
always:false and model-invocation allowed (platform defaults). The skill writes local profile/cache/notifications under the agent workspace (~/.qclaw/workspace/a2a) and runs a heartbeat every 30 minutes. Periodic autonomous scanning is expected for a matching skill, but combined with ambiguous network/client/server components it increases blast radius if the skill is later connected to remote endpoints. The skill does not request system-wide privileges in metadata.
What to consider before installing
This skill appears to implement the advertised matching features, but there are two red flags you should check before installing:
(1) requirements.txt includes OpenAI/Anthropic libraries and the codebase contains client/server networking and webhook tooling, yet the skill metadata does not declare any API keys or network permissions. Inspect intent_recognizer.py and server/a2a_server.py to see whether the code will call external services or require API keys.
(2) SKILL.md emphasizes local-only storage/privacy, but docs and code expose cloud endpoints and message-broker logic, so confirm whether you will run it purely locally.
If you decide to proceed:
(a) run the code in a sandbox or isolated environment with network access disabled until you understand its network behavior;
(b) avoid supplying production API keys unless you have audited where they are used;
(c) review the server/client code for outgoing HTTP requests and webhook behaviors;
(d) prefer installing only after the author updates the skill metadata to list required env vars/credentials and documents when network access occurs.


Tags: a2a, agent, auto-detection, auto-extraction, collaboration, gamification, heartbeat, intent-recognition, latest, matching, memory, networking
