A2a Register

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-built for A2A gateway registration, but it uses broad admin gateway access and stores credentials in a way that deserves review before installation.

Install only if you trust the configured A2A gateway and are comfortable letting these scripts use its admin API. Prefer HTTPS gateway URLs, restrict access to the generated a2a.conf file, avoid running these scripts on shared machines, and understand that even status and heartbeat operations can access gateway-wide agent metadata.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Severity: High
Confidence: 99%
Finding:
The script ignores the configured API key and instead calls the gateway bootstrap admin endpoint to obtain a high-privilege JWT. That creates an unnecessary privilege escalation path for a task that should require only scoped self-deregistration rights, and if the configured gateway URL is malicious or misdirected, the script will request and use powerful admin credentials against it.

Context-Inappropriate Capability

Severity: High
Confidence: 98%
Finding:
The script obtains an admin bootstrap JWT from the gateway and then uses admin endpoints to manage agents. This grants the script broad administrative capability beyond simple self-registration, so if the gateway URL is misconfigured, compromised, or attacker-controlled, the script can retrieve privileged credentials and operate with excessive authority.

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%
Finding:
The script uses the privileged /v0/admin/bootstrap endpoint to obtain an admin JWT and then calls /v0/admin/agents to enumerate the full registry, even though its stated purpose is only to check this instance's registration status. This unnecessarily expands privilege and data exposure: anyone able to run the skill can access gateway-wide agent metadata rather than only the local agent's status.

Context-Inappropriate Capability

Severity: Low
Confidence: 84%
Finding:
The script reveals registry-wide information by printing the total number of registered agents and gateway location, which is beyond the minimum needed to answer whether this instance is registered. While not as severe as credential misuse, this still leaks operational discovery data that may help an attacker map the environment.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
The script writes A2A_GATEWAY_API_KEY in plaintext to a shared configuration file without setting restrictive file permissions or warning the user that credentials are being persisted. If the file is readable by other local users, committed to source control, or copied into logs/backups, the gateway credential could be exposed and used to impersonate the agent or access gateway functionality.

VirusTotal

63/63 vendors flagged this skill as clean.