Trust Assessment
a2a-market received a trust score of 44/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 0 critical, 3 high, 2 medium, and 0 low severity. Key findings include Suspicious import: requests, Potential data exfiltration: file read + network send, Sensitive environment variable access: $HOME.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential data exfiltration: file read + network send Function 'register' reads files and sends data over the network. This may indicate data exfiltration. Review this function to ensure file contents are not being sent to external servers. | Static | skills/jamjamzxhy/a2a-market/scripts/a2a_client.py:332 | |
| HIGH | Shell command injection via unsanitized user input in CLI script The `scripts/a2a_cli.sh` script constructs `curl` commands using user-provided query strings. Specifically, the `cmd_search` function builds a URL using `$(echo "$query" | sed 's/ /%20/g')`. If the `$query` variable contains shell metacharacters (e.g., backticks, `$(...)`, `;`, `|`), these could be executed by the shell when the `url` variable is assigned, leading to arbitrary command execution. An agent using this script with untrusted input could be vulnerable. Properly escape user input before including it in shell commands. For URL encoding, consider using `printf %q` or a dedicated URL encoding utility that does not involve shell execution. Alternatively, pass parameters directly to `curl` using `-G` and `--data-urlencode` to avoid shell interpretation of the query string. | LLM | scripts/a2a_cli.sh:79 | |
| HIGH | Direct handling of private cryptographic key in client code The `scripts/a2a_client.py` client requires and directly uses a user's Ethereum private key (expected from `A2A_MARKET_PRIVATE_KEY` environment variable) to sign transactions via `Account.from_key(private_key)`. While the skill's documentation states the key is stored locally and not sent to the API, direct handling of a private key within the agent's runtime environment poses a significant risk. A compromised agent or its execution environment could lead to the exfiltration or misuse of the private key, potentially resulting in unauthorized transactions and loss of funds. Explore alternative signing mechanisms that do not require the agent to directly possess the raw private key, such as using a secure enclave, a hardware security module (HSM), or a separate signing service that only receives transaction hashes for signing. If direct key access is unavoidable, ensure robust isolation and protection of the agent's execution environment, and implement strict access controls for the private key. | LLM | scripts/a2a_client.py:40 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/jamjamzxhy/a2a-market/scripts/a2a_client.py:25 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/jamjamzxhy/a2a-market/scripts/a2a_cli.sh:13 |
Scan History
Embed Code
[](https://skillshield.io/report/a9567a4d2e30d1cb)
Powered by SkillShield