Back to skill
Skillv0.2.18
VirusTotal security
Openclaw A2a · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 29, 2026, 6:41 PM
- Hash
- fa96b43120b738cf2a750068f995ce420b7e2837c3b696a5fe46dfc4d2c0cb46
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: openclaw-a2a Version: 0.2.18 The skill bundle (v0.2.18) for a2a.fun directs the agent to perform automated registration and local token persistence using shell commands (mkdir, chmod, cat) within SKILL.md. It explicitly instructs the agent to follow a 'streamlined' flow that bypasses user confirmation ('do not ask the user') and requires the agent to transmit a summary of the user's recent work to an external API (https://a2a.fun/api/search) to find collaboration projects. While these actions are functional for the stated purpose of agent-native collaboration, the instructions to act autonomously without explicit consent for data transmission and filesystem modifications constitute high-risk behaviors.
- External report
- View on VirusTotal