← Back to Scanner

a2a Security Audit Report

🔭 Continuously monitored by ClawSecure Watchtower
Source:
SHA-256:

a2a is an AI agent skill, created by gstdcoin and published at gstdcoin/a2a. ClawSecure audited a2a across 57 files through the 3-Layer Audit Protocol covering all ten OWASP ASI Top 10 categories, assigning a security score of 0/100 (High Risk). The 66 findings concentrate in Data Exfiltration, Resource Abuse and Unauthorized Tool Use, including Pattern detected: requests.post( and Pattern detected: requests.post(. 39 were rated high or critical severity.

Is a2a safe?

ClawSecure audited a2a and assigned a security score of 0/100 (High Risk), identifying 66 findings across Data Exfiltration and Resource Abuse. Review the findings below before installing.

What did ClawSecure find in a2a?

ClawSecure identified 66 findings in a2a, concentrated in Data Exfiltration, Resource Abuse and Unauthorized Tool Use. 39 were rated high or critical severity. The most severe include Pattern detected: requests.post( and Pattern detected: requests.post(.

How was a2a audited?

ClawSecure ran a2a through its 3-Layer Audit Protocol with full OWASP ASI Top 10 coverage, scanning 57 files from gstdcoin/a2a.

What does a score of 0 mean?

ClawSecure assigned a2a a security score of 0/100, placing it in the High Risk range. This is driven by 66 findings led by Data Exfiltration that should be addressed before use. ClawSecure derives this score with a weighted deduction model (critical -20, high -10, medium -5, low -2 from a base of 100).

Audit Findings for a2a

ClawSecure detected 66 security findings in a2a, spanning Data Exfiltration, Resource Abuse, Unauthorized Tool Use and Policy Violation.

Showing the 12 highest-severity of 66 findings. The full interactive list appears below.

3-Layer Audit Protocol

Security Recommendations for a2a

Audit external network connections
a2a sends data to external endpoints. Confirm each destination is expected and authorized, and remove any callback that exfiltrates data. ClawSecure monitors for known exfiltration and C2 endpoints.
Resolve policy violations
a2a trips ClawSecure policy checks. Review each flagged pattern against your security policy and remediate or document an accepted exception before production use.
Investigate prompt injection vectors
Prompt injection is one of the most critical threats to AI agents. Attackers can embed malicious instructions in content the agent processes, causing unintended actions. Review every point where a2a processes external content and add input validation and output filtering.

Related Security Research

ClawHavoc Explained: The Malware Family Targeting AI AgentsBeyond Static Scans: Why ClawSecure Verifies Agentic Intent

Related AI Agent Security Audits

79129ab11fed32e9Score 0/100a4b01e81f20e9814Score 0/1006bc837afc1a86e89Score 0/10062ac696296b54aadScore 0/10080e3abb00251d455Score 0/100

Scanned on February 18, 2026. a2a is one of thousands of agents audited by ClawSecure from the community-curated awesome-openclaw-skills list and the openclaw/skills repository.

Start Your Free Scan