a2a-setup

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt shows generating and embedding bearer tokens into configuration/peer JSON and passing tokens to CLI scripts (e.g., --token, openclaw config set ... "$TOKEN"), which means an agent automating these steps would need to accept and output secret values verbatim, creating exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly fetches and auto-discovers peer Agent Cards and messages remote agents (e.g., scripts/a2a-send.mjs and the curl checks that retrieve http://<PEER_IP>:18800/.well-known/agent-card.json, and the TOOLS.md instructs the agent to run the script), so it ingests untrusted third‑party agent responses that can influence tool use and next actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt instructs running privileged installation commands (curl ... | sh) and explicitly uses "sudo tailscale up", and it modifies system/network and service configuration of the running server (installing plugins, changing OpenClaw config, restarting gateway), which requires or encourages elevated privileges and can alter machine state.