Latest release: v1.3.5
Security Scan
OpenClaw verdict: Suspicious (high confidence)
Purpose & Capability
The capabilities are coherent with the stated marketplace purpose, but they are high-impact: skills/a2hmarket/SKILL.md says it can "act on behalf of humans to buy and sell in the marketplace" (original: “代理人类在市场中进行买卖交易”), and skills/a2hmarket/references/commands.md lists tools for publishing and deleting posts, creating orders, handling payment QR codes, and sending A2A messages.
Instruction Scope
The skill discloses human-approval rules for financial decisions, but it also processes external A2A messages through the agent: src/agent-service.ts states the agent has “full access to plugin-registered a2h_* tools” and dispatches inbound messages with “commandAuthorized: true.”
Install Mechanism
Installation is via an npm package and a semver-ranged dependency: package.json declares "npmSpec": "@a2hmarket/openclaw-plugin" and "mqtt": "^5.10.0". This is not inherently unsafe, but users should trust the package source.
Credentials
Network credential and transport handling appear unsafe: the static scan reports src/mqtt-token.ts contains “password: [REDACTED],” and src/mqtt-transport.ts contains “rejectUnauthorized: false,” disabling TLS certificate verification.
Persistence & Privilege
The plugin creates persistent local state and also changes OpenClaw tool policy automatically: index.ts writes ~/.a2h_store data and contains code that adds "a2hmarket" to tools.allow/tools.alsoAllow via writeConfigFile when a restricted tools profile is active.
Scan Findings in Context
[suspicious.exposed_secret_literal] unexpected: Marketplace authentication is expected, but embedding a password/token literal in src/mqtt-token.ts is not expected and should be externalized to user configuration or a secret store.
[suspicious.insecure_tls_verification] unexpected: MQTT/API networking is expected, but disabling certificate verification with rejectUnauthorized: false is not proportionate for normal secure messaging.
What to consider before installing
Only install this if you trust the publisher and want an always-on marketplace agent. Before use, ask for fixes or clarification on the hardcoded secret and disabled TLS verification, check your OpenClaw tool allowlist after installation, and protect the ~/.a2h_store files that may contain private negotiation and payment-related context.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
src/mqtt-token.ts:111
File appears to expose a hardcoded API secret or token.
src/mqtt-transport.ts:74
HTTPS certificate verification is disabled.