A2a Server

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local agent-to-agent messaging server, but it needs review before deployment because it routes remote agent calls with no implemented authentication, authorization, or message signing: any connected client can claim an agent ID and have its messages forwarded.

Install only if you intend to run a local or otherwise trusted agent-to-agent messaging server. Keep it bound to localhost unless you add authentication, authorization, TLS, message signing, and allowlists for agent IDs and capabilities. Do not send secrets, credentials, private prompts, code, or sensitive task data through remote agents you do not fully trust.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

Medium
Confidence: 97%
Finding
The header comment explicitly claims 'Trust chain authorization' support, but the visible implementation only stores a trustChain option and never validates identities, signatures, or authorization before register/call/publish/subscribe actions. In an agent-to-agent messaging server, this can cause operators and downstream components to assume authenticated, authorized routing when in reality any client can impersonate agents and send messages freely.

Intent-Code Divergence

Medium
Confidence: 97%
Finding
The module advertises 'trust chain authorization' but never authenticates clients, validates identity, or enforces any authorization checks before registration, discovery, subscription, message forwarding, or unregister actions. In an agent-to-agent messaging server, this creates a direct impersonation and unauthorized access risk because any connected client can claim arbitrary agent IDs and interact with other agents as though trusted.

Missing User Warnings

Medium
Confidence: 91%
Finding
This document provides concrete examples for WebSocket-based cross-agent RPC, remote tool registration, and delegated execution, while explicitly noting that trust-chain authorization is not yet implemented. In the context of an agent skill, that combination can normalize or encourage deployment of remote execution-style workflows without adequate warnings about authentication, authorization, data exposure, or unsafe tool invocation boundaries.

Missing User Warnings

Medium
Confidence: 91%
Finding
The README explicitly demonstrates remote agent discovery and cross-agent RPC/remote execution patterns, but does not warn that invoking remote agents can expose prompts, task data, code, or other sensitive inputs to external or semi-trusted peers. The same README's feature list also notes that trust-chain authorization and message signing are not yet implemented, which makes remote execution against untrusted peers materially riskier.

Missing User Warnings

Medium
Confidence: 94%
Finding
The README describes registration, discovery, publish/subscribe, metadata filtering, and message exchange over the A2A network without warning users that agent metadata, capabilities, version/author fields, and published payloads are shared with the server and potentially other agents. Because the design is a WebSocket-based multi-agent communication fabric and security controls such as message signing and trust authorization are still pending, this omission can lead users to unintentionally disclose sensitive operational or identifying information.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill explicitly promotes remote execution and remote search across an agent-to-agent network, but the documentation does not warn that task parameters, prompts, or other sensitive data may be transmitted to untrusted or loosely trusted remote agents. In context, the same document also states that authentication/authorization and message signing are not yet implemented, which materially increases the risk of data leakage, spoofing, and unsafe delegation.
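The client-side check that the four Missing User Warnings findings say the README never tells users to make, and that the Overview's rule not to send secrets, credentials, prompts or code through remote agents you do not fully trust implies, as an added example that is not the A2a Server project's own code. It assumes the caller assigns each peer a trust level (`none`, `partial`, `full`), that registration messages carry a `metadata` object, and the names `outboundPolicy`, `scanForSecrets`, `secretsFromEnv` and `runPolicyDemo`; the environment and messages in the walkthrough are constructed, not captured.

```javascript
// Added example, not the A2a Server project's code; names and trust levels are assumptions.
const SECRET_PATTERNS = [
  { name: 'aws-access-key-id', re: /\bAKIA[0-9A-Z]{16}\b/ },
  { name: 'private-key-block', re: /-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----/ },
  { name: 'bearer-token', re: /\bBearer\s+[A-Za-z0-9._~+/-]{20,}=*/i },
  { name: 'credential-assignment', re: /\b(?:password|passwd|secret|api[_-]?key|token)\s*[=:]\s*\S{6,}/i },
];

// Walk a JSON-like value and report where secret-looking strings live.
// knownSecrets holds this process's own secret values (e.g. from its env) so a
// literal copy is caught even when it matches no generic pattern.
function scanForSecrets(value, knownSecrets = new Set(), path = '$', hits = []) {
  if (typeof value === 'string') {
    for (const p of SECRET_PATTERNS) if (p.re.test(value)) hits.push({ path, pattern: p.name });
    for (const s of knownSecrets) if (value.includes(s)) hits.push({ path, pattern: 'own-env-secret' });
  } else if (Array.isArray(value)) {
    value.forEach((v, i) => scanForSecrets(v, knownSecrets, `${path}[${i}]`, hits));
  } else if (value && typeof value === 'object') {
    for (const [k, v] of Object.entries(value)) scanForSecrets(v, knownSecrets, `${path}.${k}`, hits);
  }
  return hits;
}

// Values of env vars whose names look secret-bearing (the names themselves are never sent).
function secretsFromEnv(env) {
  return new Set(Object.entries(env)
    .filter(([k, v]) => /KEY|TOKEN|SECRET|PASSW/i.test(k) && typeof v === 'string' && v.length >= 8)
    .map(([, v]) => v));
}

const TRUST_LEVELS = { none: 0, partial: 1, full: 2 };
// Registration/metadata fields that identify the operator or host.
const IDENTIFYING_FIELDS = ['author', 'version', 'hostname', 'description', 'contact'];

// Decide whether `msg` may be sent to `peer`, and what must be stripped first.
function outboundPolicy(peer, msg, knownSecrets = new Set()) {
  const level = TRUST_LEVELS[peer.trust] ?? 0;
  if (level === TRUST_LEVELS.none) return { allow: false, reason: 'peer-not-trusted', hits: [] };
  const hits = scanForSecrets(msg, knownSecrets);
  if (hits.length && level < TRUST_LEVELS.full) {
    return { allow: false, reason: 'secret-material-to-partially-trusted-peer', hits };
  }
  const out = JSON.parse(JSON.stringify(msg)); // never mutate the caller's object
  if (level < TRUST_LEVELS.full && out.metadata) {
    for (const f of IDENTIFYING_FIELDS) delete out.metadata[f];
  }
  return { allow: true, msg: out, hits };       // hits can be non-empty only for a fully trusted peer: log them
}

// Constructed walkthrough: a fake environment, three peers, and four messages.
function runPolicyDemo() {
  const env = { AWS_SECRET_ACCESS_KEY: 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY', HOME: '/home/agent' };
  const known = secretsFromEnv(env);
  const stranger = { id: 'unknown', trust: 'none' };
  const partial = { id: 'search-agent', trust: 'partial' };
  const full = { id: 'local-worker', trust: 'full' };
  const clean = { type: 'call', to: 'search-agent', capability: 'search', params: { q: 'latest CVEs' } };
  const withCred = { ...clean, params: { q: 'latest CVEs', notes: 'use password=hunter2pass for the portal' } };
  const withEnv = { ...clean, params: { cmd: `aws s3 ls --secret ${env.AWS_SECRET_ACCESS_KEY}` } };
  const reg = { type: 'register', id: 'me', capabilities: ['summarize'],
    metadata: { author: 'alice@example.com', version: '1.2.3', hostname: 'alice-laptop', schema: 'a2a/1' } };
  return {
    stranger: outboundPolicy(stranger, clean, known).reason,
    credential: outboundPolicy(partial, withCred, known).hits.map((h) => h.pattern),
    envLeak: outboundPolicy(partial, withEnv, known).hits[0],
    envLeakToFull: outboundPolicy(full, withEnv, known).allow,
    clean: outboundPolicy(partial, clean, known).allow,
    metadataKeys: Object.keys(outboundPolicy(partial, reg, known).msg.metadata),
  };
}
```

The pattern list is deliberately short; what makes the check useful in practice is `secretsFromEnv`, which catches the exact values this process holds regardless of their format. Run the policy on every outbound `call` and `register` before the frame is written to the socket, and treat a denied result as an error to the user rather than a silent drop.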

VirusTotal

0 of 67 VirusTotal vendors flagged this skill; all 67 report it as clean. Antivirus verdicts cover known-malicious files and signatures, not design defects, so a clean result does not offset the missing authentication, authorization, and message-signing controls reported above.