Trust Assessment
a2a-hub received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. The key finding is that the skill allows registration of agents with arbitrary URLs, enabling data exfiltration and credential exposure.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Skill allows registration of agents with arbitrary URLs, enabling data exfiltration and credential exposure. The `a2a-hub` skill provides functionality to register an AI agent with a user-specified `url` and an optional `upstreamApiKey`. Subsequent messages sent via the hub to this registered agent will be proxied to the specified `url`. Additionally, the `upstreamApiKey` will be included in requests to the upstream agent. An attacker could craft a prompt to the LLM to register an agent with a malicious `url` under their control. If the LLM then sends sensitive user data (e.g., personal information, internal documents) or provides its own API keys (via `upstreamApiKey`) to this agent, that data or credentials could be exfiltrated to the attacker's server. This risk is inherent to the design of a relay service where the destination is user-controlled. The LLM should be designed to validate and confirm user-provided URLs and `upstreamApiKey` values before registering an agent or sending messages. Implement explicit user consent for sending sensitive data or credentials to newly registered or untrusted endpoints. Consider whitelisting known safe URLs or prompting the user for confirmation when an external URL is provided for agent registration. | LLM | SKILL.md:20 |