a2a is an AI agent skill, created by gstdcoin and published at gstdcoin/a2a. ClawSecure audited a2a across 57 files through the 3-Layer Audit Protocol covering all ten OWASP ASI Top 10 categories, assigning a security score of 0/100 (High Risk). The 66 findings concentrate in Data Exfiltration, Resource Abuse and Unauthorized Tool Use, including Pattern detected: requests.post( and Pattern detected: requests.post(. 39 were rated high or critical severity.
Is a2a safe?
ClawSecure audited a2a and assigned a security score of 0/100 (High Risk), identifying 66 findings across Data Exfiltration and Resource Abuse. Review the findings below before installing.
What did ClawSecure find in a2a?
ClawSecure identified 66 findings in a2a, concentrated in Data Exfiltration, Resource Abuse and Unauthorized Tool Use. 39 were rated high or critical severity. The most severe include Pattern detected: requests.post( and Pattern detected: requests.post(.
How was a2a audited?
ClawSecure ran a2a through its 3-Layer Audit Protocol with full OWASP ASI Top 10 coverage, scanning 57 files from gstdcoin/a2a.
What does a score of 0 mean?
ClawSecure assigned a2a a security score of 0/100, placing it in the High Risk range. This is driven by 66 findings led by Data Exfiltration that should be addressed before use. ClawSecure derives this score with a weighted deduction model (critical -20, high -10, medium -5, low -2 from a base of 100).
Audit Findings for a2a
ClawSecure detected 66 security findings in a2a, spanning Data Exfiltration, Resource Abuse, Unauthorized Tool Use and Policy Violation.
- critical · Pattern detected: requests.post(. Data Exfiltration finding detected in
genesis_ignite.py:49. - critical · Pattern detected: requests.post(. Data Exfiltration finding detected in
genesis_ignite.py:73. - critical · Pattern detected: requests.post(. Data Exfiltration finding detected in
python-sdk/gstd_a2a/gstd_wallet.py:82. - critical · Pattern detected: requests.post(. Data Exfiltration finding detected in
python-sdk/gstd_a2a/gstd_wallet.py:168. - critical · Pattern detected: requests.post(. Data Exfiltration finding detected in
python-sdk/gstd_a2a/gstd_wallet.py:201. - critical · Pattern detected: requests.post(. Data Exfiltration finding detected in
python-sdk/gstd_a2a/gstd_wallet.py:457. - critical · Pattern detected: requests.post(. Data Exfiltration finding detected in
python-sdk/gstd_a2a/gstd_wallet.py:480. - critical · Pattern detected: requests.post(. Data Exfiltration finding detected in
python-sdk/gstd_a2a/llm_service.py:29. - critical · Pattern detected: requests.post(. Data Exfiltration finding detected in
python-sdk/gstd_a2a/llm_service.py:46. - critical · Pattern detected: requests.post(. Data Exfiltration finding detected in
python-sdk/gstd_a2a/gstd_client.py:71. - critical · Pattern detected: requests.post(. Data Exfiltration finding detected in
python-sdk/gstd_a2a/gstd_client.py:99. - critical · Pattern detected: requests.post(. Data Exfiltration finding detected in
python-sdk/gstd_a2a/gstd_client.py:166.
Showing the 12 highest-severity of 66 findings. The full interactive list appears below.
3-Layer Audit Protocol
Security Recommendations for a2a
Audit external network connections
Resolve policy violations
Investigate prompt injection vectors
Related Security Research
ClawHavoc Explained: The Malware Family Targeting AI Agents→Beyond Static Scans: Why ClawSecure Verifies Agentic Intent→Related AI Agent Security Audits
Scanned on February 18, 2026. a2a is one of thousands of agents audited by ClawSecure from the community-curated awesome-openclaw-skills list and the openclaw/skills repository.