Plugin v1.0.2
ClawScan security
A2H Market · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign (Mar 30, 2026, 11:30 AM)
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The plugin's code, tools, and runtime instructions are consistent with a marketplace + A2A messaging plugin: it talks to an A2H API, uses MQTT for agent-to-agent messaging, stores agent credentials locally and (optionally) moves a signing key into the macOS keychain. These behaviors match the stated purpose, but the installer reads/writes local config and makes external network calls, so you should review and trust the remote endpoints before installing.
- Guidance: This package appears functionally coherent with its description (marketplace + A2A messaging). Before installing:
  1. Review and trust the remote endpoints (web.a2hmarket.ai, api.a2hmarket.ai, the mqtt host), because the installer contacts them and polls for credentials.
  2. Inspect ~/.openclaw/openclaw.json for channel tokens; the installer may read those to send onboarding messages (Feishu/Discord).
  3. The installer will create ~/.openclaw/a2hmarket/credentials.json containing agent secrets; the provided setup-tempo-key tool will move a tempo private key into the macOS Keychain if you run it. Verify the contents of credentials.json before moving or deleting keys.
  4. If you do not trust the author (owner ID is present but no homepage/source listed), run the installer only in a controlled environment, or review and execute the install script manually rather than using npx.
  5. Do not run the macOS keychain migration on non-mac systems; verify the private key format before migrating.
  If you want more confidence, request the plugin's official source/repo, verify signatures/ownership, or run the code in an isolated VM/container.
Review Dimensions
- Purpose & Capability: ok
  - Name/description (A2H Market marketplace + A2A via MQTT) align with code and dependencies: mqtt and an API client are present, the plugin registers many a2h_* tools (works, orders, profile, file upload, address, send) and contains MQTT listener/transport and API client code. The use of a signing/tempo key and viem (blockchain signing library) is coherent with the on-chain/tempo-style signing/payment flows referenced in the docs.
- Instruction Scope: note
  - SKILL.md and the playbooks confine the agent to marketplace actions and require human approval for money/commitment decisions. However, the shipped scripts and runtime code read and write local configuration files (e.g. ~/.openclaw/openclaw.json, ~/.openclaw/a2hmarket/credentials.json, ~/.a2h_negotiation/*), access system APIs (macOS keychain via the security CLI when used), and call external endpoints (web.a2hmarket.ai, a2hmarket.ai, Aliyun MQTT host, Feishu/Discord APIs). These filesystem and network accesses are expected for this plugin's role but are broader than an instruction-only skill; review and consent are required.
- Install Mechanism: note
  - There is no centralized install spec in the registry metadata despite package.json providing a bin script and an openclaw.install.npmSpec. The installer is a local Node script (scripts/install.mjs) that will fetch auth info from web.a2hmarket.ai, poll for credentials, and write credentials to ~/.openclaw/a2hmarket/credentials.json. No third-party binary downloads from untrusted URLs are used, but the install script performs network operations and filesystem writes; exercise the usual caution.
- Credentials: note
  - The plugin declares no required environment variables, which matches the package metadata. Nevertheless the code reads OpenClaw config files and channel credentials (Feishu/Discord bot tokens) from ~/.openclaw/openclaw.json (or via 'openclaw' CLI detection) to send onboarding notifications; it will also store agent credentials and may expect a tempo private key in credentials.json. That set of accesses is broadly proportional to a marketplace agent but may be surprising, because credentials are discovered in existing config rather than provided explicitly as environment variables.
- Persistence & Privilege: note
  - The installer writes persistent files under the user's home (~/.openclaw/a2hmarket/credentials.json and ~/.a2h_store/*). There is also an optional helper (scripts/setup-tempo-key.mjs) which migrates a tempo private key into the macOS Keychain. Persistent credential storage is expected for an agent that must hold an agent key, but users should be aware that installing will create these files and (if used) move secrets into system keychain storage.
