
a2a-wallet

by ost006 · GitHub ↗ · v1.0.6 · MIT-0
cross-platform ⚠ suspicious
495 Downloads · 0 Stars · 0 Active Installs · 7 Versions
Install in OpenClaw
/install a2a-wallet
Description
Use the a2a-wallet CLI to interact with A2A agents — send messages, stream responses, and manage tasks. Also supports x402 payment signing and local wallet m...
README (SKILL.md)

a2a-wallet Skill

If a command fails with a "command not found" error, refer to INSTALL.md in this directory and guide the user through installation.

Commands

Command    Description
a2a        A2A protocol client: auth, list, disconnect, card, send, stream, tasks, cancel
registry   Agent registry: search (find agents), register (register an agent by agent card URL)
x402 sign  Sign x402 PaymentRequirements → A2A message metadata (for paywalled agents)
wallet     Manage local wallets: create, import, list, use, export, connect, disconnect
status     Show default wallet address and web app URL
config     Get or set config values (token, url)
balance    Show USDC balance for the active wallet on a given network
faucet     Request testnet USDC (Base Sepolia) directly from the CLI — no browser or auth required
update     Update the CLI binary

Finding Agents

Use the registry search command to discover A2A agents by keyword or capability:

a2a-wallet registry search <query>

Examples:

a2a-wallet registry search "image generation"
a2a-wallet registry search translator
a2a-wallet registry search --json weather   # machine-readable output

The registry returns matching agents with their name, description, and card URL. Use the card URL with a2a card <url> to inspect capabilities before interacting.

To register a new agent in the registry:

a2a-wallet registry register <agent-card-url>

Agent Card Extensions

Before interacting with an A2A agent, inspect its card to check which extensions are declared:

a2a-wallet a2a card https://my-agent.example.com

The capabilities.extensions array in the card lists supported (and possibly required) extensions. The following extension is relevant to this CLI:


x402 Payments Extension

Extension URI: https://github.com/google-agentic-commerce/a2a-x402/blob/main/spec/v0.2

Agents declaring this extension monetize their services via on-chain cryptocurrency payments. If required: true, the client must implement the x402 flow.

How to detect: The agent card will contain:

{
  "capabilities": {
    "extensions": [
      {
        "uri": "https://github.com/google-agentic-commerce/a2a-x402/blob/main/spec/v0.2",
        "required": true
      }
    ]
  }
}

Payment flow:

  1. Send a message → agent replies with task.status = input-required and metadata["x402.payment.status"] = "payment-required" plus metadata["x402.payment.required"] containing PaymentRequirements
  2. Sign the requirements with x402 sign:
    METADATA=$(a2a-wallet x402 sign \
      --scheme exact \
      --network base \
      --asset <token-address> \
      --pay-to <merchant-address> \
      --amount <amount> \
      --extra-name <eip712-domain-name> \
      --extra-version <eip712-domain-version> \
      --json)
    
  3. Submit payment by sending back with --task-id and --metadata:
    a2a-wallet a2a send \
      --task-id <task-id> \
      --metadata "$METADATA" \
      https://my-agent.example.com "Payment submitted"
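
A guard an operator could place between steps 1 and 2, shown as an added example (not part of the original SKILL.md or the a2a-wallet project): it checks the agent card for the extension, validates the payment request against a local policy, and only then builds the x402 sign command from the flags above. The PaymentRequirements field names (accepts, payTo, maxAmountRequired, extra), the base-sepolia network id and all policy values are assumptions.

```python
import re

X402_URI = "https://github.com/google-agentic-commerce/a2a-x402/blob/main/spec/v0.2"
ADDR = re.compile(r"0x[0-9a-fA-F]{40}")
# Constructed operator policy and sample reply; no value here comes from the page.
POLICY = {"networks": {"base-sepolia"}, "max_amount": 50_000,
          "pay_to": {"0x" + "11" * 20}}
SAMPLE_METADATA = {
    "x402.payment.status": "payment-required",
    "x402.payment.required": {"accepts": [{   # field names assumed (x402 style)
        "scheme": "exact", "network": "base-sepolia",
        "asset": "0x" + "22" * 20, "payTo": "0x" + "11" * 20,
        "maxAmountRequired": "10000",
        "extra": {"name": "USDC", "version": "2"}}]},
}

def x402_required(card):
    """True/False when the card declares the x402 extension, None when it does not."""
    for ext in card.get("capabilities", {}).get("extensions", []):
        if ext.get("uri") == X402_URI:
            return bool(ext.get("required", False))
    return None

def build_sign_argv(state, metadata, policy=POLICY):
    """Check a payment request against policy, then build the `x402 sign` argv."""
    if state != "input-required" or metadata.get("x402.payment.status") != "payment-required":
        raise ValueError("task is not asking for payment")
    req = metadata["x402.payment.required"]
    req = (req.get("accepts") or [req])[0]   # assumed wrapper; only the first option is used
    amount, extra = str(req.get("maxAmountRequired", "")), req.get("extra") or {}
    if req.get("scheme") != "exact":
        raise ValueError("unsupported scheme")
    if req.get("network") not in policy["networks"]:
        raise ValueError("network not allowed")
    if not re.fullmatch(r"[0-9]+", amount) or int(amount) > policy["max_amount"]:
        raise ValueError("amount malformed or over the limit")
    if str(req.get("payTo", "")).lower() not in policy["pay_to"]:
        raise ValueError("pay-to address not allow-listed")
    if not ADDR.fullmatch(str(req.get("asset", ""))):
        raise ValueError("asset is not a 20-byte hex address")
    if any(not v or str(v).startswith("-") for v in (extra.get("name"), extra.get("version"))):
        raise ValueError("missing or option-like EIP-712 domain name/version")
    # argv list for subprocess.run(argv): no value passes through a shell.
    return ["a2a-wallet", "x402", "sign", "--scheme", "exact",
            "--network", req["network"], "--asset", req["asset"],
            "--pay-to", req["payTo"], "--amount", amount,
            "--extra-name", str(extra["name"]),
            "--extra-version", str(extra["version"]), "--json"]
```

Every value in the request comes from the remote agent, so the policy is the only thing standing between an unexpected amount or recipient and a signature.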
    

SECURITY WARNING — READ BEFORE SETTING UP A WALLET

Always present the following warnings to the user before creating or importing any wallet.

Local Wallet Risk

The local wallet stores the private key as a plain file on disk (~/.a2a-wallet/). As an AI agent using this CLI, you have direct filesystem access — which means the key file is accessible to the agent runtime and any other process on the machine.

  • Do NOT create or use a local wallet that holds significant assets.
  • Do NOT import or restore a wallet that holds significant assets into this CLI.
  • If the key file is read by any unauthorized process or leaks for any reason, all assets are permanently unrecoverable. The user bears full responsibility.
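
A permission audit for the key directory, as an added example (not part of the original SKILL.md or the CLI); it assumes a POSIX system and makes no assumption about file names inside ~/.a2a-wallet/. Mode bits only keep other local users out: a process running as the wallet owner, the agent runtime included, can still read the key.

```python
import os
import stat

def audit_wallet_dir(path=os.path.expanduser("~/.a2a-wallet")):
    """Return (path, problem) pairs for entries other local users could read or replace."""
    findings = []
    if not os.path.isdir(path):
        return findings
    uid = os.getuid()
    for root, dirs, files in os.walk(path):      # does not descend into symlinked dirs
        for entry in [root] + [os.path.join(root, n) for n in dirs + files]:
            st = os.lstat(entry)
            if stat.S_ISLNK(st.st_mode):
                findings.append((entry, "symlink: target is outside this audit"))
            elif stat.S_ISDIR(st.st_mode) and entry != root:
                continue                          # audited when os.walk reaches it as root
            else:
                if st.st_uid != uid:
                    findings.append((entry, "not owned by the current user"))
                if st.st_mode & 0o077:
                    mode = stat.S_IMODE(st.st_mode)
                    findings.append((entry, f"group/other access (mode {mode:o})"))
    return findings

def tighten(path):
    """Set 0700 on directories and 0600 on regular files under path; skip symlinks."""
    for root, _dirs, files in os.walk(path):
        os.chmod(root, 0o700)
        for name in files:
            p = os.path.join(root, name)
            if not os.path.islink(p):
                os.chmod(p, 0o600)
```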

Custodial Wallet Risk

The custodial wallet delegates key management to Privy and the a2a-wallet web service. This project cannot guarantee custodial wallet security.

  • Do NOT store significant amounts of assets in the custodial wallet.
  • Key management is outside the user's direct control. The user bears full responsibility for any loss due to third-party service incidents or misconfigurations.

Both wallet types are intended for small micro-payments only. Always inform the user of these risks and confirm they accept responsibility before proceeding.

Legal Notice

[!CAUTION] This software is experimental and intended for testing and development purposes only. Do not use it with production funds or significant on-chain assets.

THIS SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND. THE AUTHORS, CONTRIBUTORS, AND OPERATORS OF THIS PROJECT SHALL NOT BE LIABLE FOR ANY LOSS OF FUNDS, LOSS OF DATA, UNAUTHORIZED ACCESS TO CRYPTOGRAPHIC KEYS, SERVICE INTERRUPTION, OR ANY OTHER DAMAGES ARISING FROM USE OF THIS SOFTWARE.

When setting up a wallet, confirm the user understands and accepts the following:

  • They are using experimental software at their own risk.
  • They will not store significant assets in any wallet managed by this tool.
  • Any loss is solely their responsibility — no compensation or recovery is possible.
  • The project maintainers provide no guarantees of security, uptime, or correctness.

Wallet selection

The CLI supports two wallet types:

  • Local wallet — private key stored locally (wallet create / wallet import). No login required. Key is stored as a plain file — use only for small amounts.
  • Custodial wallet — signing delegated to the web service. Requires login via wallet connect. Security depends on a third-party provider — use only for small amounts.

Switch the active wallet with:

a2a-wallet wallet use <name>       # set a local wallet as default
a2a-wallet wallet use --custodial  # switch to the custodial wallet

Check current status at any time:

a2a-wallet status

Custodial wallet login

a2a-wallet wallet connect           # opens browser for login
a2a-wallet wallet connect --poll <device-code>  # complete login (headless)

Note for users upgrading from v0.3.3 or earlier

In v0.3.3 and below, the wallet was always managed by the web service (custodial). If you want to continue using that same wallet address after upgrading, you must activate the custodial wallet:

a2a-wallet wallet connect           # log in to the web service
a2a-wallet wallet use --custodial   # set custodial as the default

Recommendation: consider migrating to a local wallet. Local wallets sign entirely offline with no dependency on the web service. To switch, run wallet create and use the new address going forward.

Agent usage tips

  • Use --json for machine-readable output
  • Errors → stderr, exit 0 = success, 1 = failure
  • Override token/URL per-call with --token / --url, or set A2A_WALLET_TOKEN env var
  • Always run a2a card <url> first to check which extensions are required before sending messages
  • Use --file <path|uri> with send or stream to attach files (repeatable). Local path → base64-embedded; http(s):// URI → referenced by URL
  • Use a2a-wallet --help or a2a-wallet <command> --help to discover options at any time
Usage Guidance
This skill appears to do what it says (control the a2a-wallet CLI and perform x402 payment signing). The main real risks are operational, not covert: the CLI stores private keys on disk (~/.a2a-wallet) in plaintext and INSTALL.md suggests installing via curl | sh from a GitHub raw URL. Before installing or using this skill:
  1. Do not import production/private funds into wallets managed by this CLI; treat wallets as development/test only.
  2. Inspect the install script on GitHub rather than blindly running curl | sh; prefer downloading signed releases or binaries.
  3. If you must use a local wallet, keep only tiny test balances and consider using a dedicated VM/container or hardware wallet for anything important.
  4. Verify the repository and release pages yourself (the SKILL.md references a GitHub repo at github.com/planetarium/a2a-x402-wallet).
If you want stronger assurance, ask the skill author for a release artifact (checksum/signature) or a vetted package manager distribution instead of running the raw install script.
Capability Analysis
Type: OpenClaw Skill
Name: a2a-wallet
Version: 1.0.6

The a2a-wallet skill manages cryptocurrency wallets and transaction signing, but it introduces significant security risks by storing private keys in plain text on the filesystem (~/.a2a-wallet/), which SKILL.md acknowledges is directly accessible to the AI agent. It also promotes a risky curl-to-shell installation method in INSTALL.md and provides commands for exporting sensitive wallet data. While these features are aligned with the tool's stated purpose and include explicit security warnings, the lack of encryption for local secrets in an agent-accessible environment is a critical vulnerability.
Capability Assessment
Purpose & Capability
Name/description match the SKILL.md: it documents CLI commands for agent discovery, sending, x402 signing, wallet management, balance and faucet. Nothing requested (no env vars, no strange binaries) is unrelated to a wallet/CLI client.
Instruction Scope
The instructions tell an agent to use the a2a-wallet CLI and show exact commands for signing and sending metadata. They responsibly warn that local wallets store private keys plaintext under ~/.a2a-wallet and instruct the user to avoid using significant funds. The SKILL.md does not itself instruct the agent to read arbitrary host files or exfiltrate secrets, but because the skill is a wallet client it implies filesystem access to private keys — the user (and agent) must be careful not to expose those files. The guidance to confirm user acceptance of risks is appropriate but relies on the agent enforcing it.
Install Mechanism
There is no registry install spec, but INSTALL.md recommends curl -fsSL https://raw.githubusercontent.com/planetarium/a2a-x402-wallet/main/scripts/install.sh | sh. Piping a remote script to sh executes code fetched at install time (moderate risk). The URL is a GitHub raw URL that matches the repository declared in SKILL.md metadata, which reduces but does not eliminate risk. Recommend manual inspection of the install script or installing from official releases/binaries rather than curl|sh.
Credentials
The skill declares no required environment variables or credentials. The CLI supports configuring tokens/URLs, and the SKILL.md notes possible custodial services (Privy) and the need for on-chain addresses, but nothing in the skill asks for unrelated secrets. This is proportionate for a wallet CLI.
Persistence & Privilege
always is false, model invocation is allowed (the platform default). The skill does not request persistent system-wide privileges or modify other skills' configuration. The primary danger is normal for wallet software: local key files that remain on disk.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install a2a-wallet
  3. After installation, invoke the skill by name or use /a2a-wallet
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.6
Added agent registry discovery and registration commands.
  • Introduced registry search and registry register commands for finding and registering A2A agents.
  • Updated documentation to include instructions for agent discovery using the registry.
  • Expanded description to mention agent search and discovery.
  • Clarified usage examples for new and existing commands.
  • Minor updates to tips and examples for interacting with agents.
v1.0.5
  • Added a2a search command to the CLI command list.
  • Updated a2a protocol client command description to include search.
  • No other changes detected.
v1.0.4
a2a-wallet 1.0.4
  • No user-visible changes; internal or metadata updates only.
  • No file or documentation updates detected.
v1.0.3
  • Added comprehensive security warnings for both local and custodial wallets, including mandatory legal notice and explicit user consent before wallet setup.
  • Updated faucet command: now requests testnet USDC (Base Sepolia) directly from the CLI without browser or auth.
  • Clarified intended usage for all wallet types: experimental/testing only, no significant assets, and user assumes all risk.
  • Improved documentation for wallet storage, risks, and migration.
  • No CLI file or user-facing command changes detected.
v1.0.2
  • Adds new wallet management commands: create, import, list, use, export, connect, and disconnect local or custodial wallets.
  • Removes SIWE authentication and related commands, focusing exclusively on x402 payment signing for agent interaction.
  • Updates descriptions to emphasize local and custodial wallet support; explains wallet selection and migration for users upgrading from older versions.
  • Revises command list for clarity and streamlines guide to agent extension support.
  • Enhances usage documentation around active wallet status and onboarding tips for updated wallet workflows.
v1.0.1
a2a-wallet 1.0.1
  • Updated installation guidance: now directs users to INSTALL.md only if "command not found" is encountered, streamlining setup instructions.
  • Clarified help discovery: added a tip to use a2a-wallet --help or <command> --help for options.
  • Expanded x402 payment flow instructions to include --extra-name and --extra-version parameters for EIP-712 domain support.
  • Minor language and formatting improvements throughout the documentation.
v1.0.0
Initial release of the a2a-wallet skill.
  • Integrates with the a2a-wallet CLI for interacting with A2A agents.
  • Supports sending messages, streaming responses, managing tasks, x402 payment signing, and SIWE authentication.
  • Provides guidance for wallet login/logout, viewing wallet info, and configuration.
  • Documents handling of agent card extensions for x402 payments and SIWE authentication.
  • Compatible with macOS, Linux, and Windows (requires pre-installed a2a-wallet CLI).
Metadata
Slug a2a-wallet
Version 1.0.6
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 7
Frequently Asked Questions

What is a2a-wallet?

Use the a2a-wallet CLI to interact with A2A agents — send messages, stream responses, and manage tasks. Also supports x402 payment signing and local wallet m... It is an AI Agent Skill for Claude Code / OpenClaw, with 495 downloads so far.

How do I install a2a-wallet?

Run "/install a2a-wallet" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is a2a-wallet free?

Yes, a2a-wallet is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does a2a-wallet support?

a2a-wallet is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created a2a-wallet?

It is built and maintained by ost006 (@ost006); the current version is v1.0.6.
