← Back to Skills Marketplace
wolfuser45

A2WF — Agent-to-Web Framework

by Wolfuser45 · GitHub ↗ · v1.0.1 · MIT-0
cross-platform ⚠ suspicious
151
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install a2wf
Description
Validate, generate, and audit A2WF siteai.json files — the open standard for AI agent governance on websites. Use when working with siteai.json policies, che...
README (SKILL.md)

A2WF — Agent-to-Web Framework

A2WF is an open standard that defines what AI agents can and cannot do on a website via a machine-readable siteai.json file at the site root. Think of it as a legally actionable robots.txt for AI agents.

  • Spec: \x3Chttps://a2wf.org/specification/>
  • GitHub: \x3Chttps://github.com/a2wf/spec>
  • Schema: \x3Chttps://a2wf.org/schema/core-v1.0.json>

Commands

1. Validate — Check a siteai.json

Validate a siteai.json file against the A2WF v1.0 spec. The validator is local-only (no network requests).

# Validate a local file
node {baseDir}/scripts/validate.mjs /path/to/siteai.json

# Validate from stdin
echo '{"specVersion":"1.0",...}' | node {baseDir}/scripts/validate.mjs --stdin

To validate a live website: Use web_fetch to download https://example.com/siteai.json, save to a temp file, then validate it.

Output: errors (must fix), warnings (should fix), info (suggestions). Exit 0 = valid, exit 1 = invalid.

If the user pastes raw JSON instead of a file path, save it to a temp file first, then validate.

2. Generate — Create a siteai.json

Build a spec-compliant siteai.json interactively or from parameters.

node {baseDir}/scripts/generate.mjs \
  --domain "https://example.com" \
  --name "Example Store" \
  --language "en" \
  --category "e-commerce" \
  --jurisdiction "EU"

When used interactively (no flags), ask the user:

  1. Domain and site name
  2. Category (e-commerce, news, healthcare, banking, restaurant, saas, other)
  3. Jurisdiction and applicable laws
  4. For each permission group (read/action/data): which operations to allow/deny
  5. Rate limits, agent identification requirements, scraping policy

Output is a complete, validated siteai.json ready to deploy at the site root.

3. Audit — Analyze a website's A2WF posture

node {baseDir}/scripts/validate.mjs https://example.com --audit

Performs:

  • Discovery check: Does /siteai.json exist? Correct content-type?
  • Schema validation against core v1.0
  • Permission completeness: Are critical permissions (scraping, account creation, data access) explicitly set?
  • Legal coverage: Are jurisdiction and applicable laws declared?
  • Extension check: Are companion extensions present and valid?

Outputs a structured report with a compliance score (0–100).

Quick Reference

siteai.json structure (v1.0)

{
  "specVersion": "1.0",
  "identity": {
    "domain": "https://example.com",
    "name": "Site Name",
    "inLanguage": "en",
    "jurisdiction": "EU",
    "applicableLaw": ["GDPR", "EU AI Act"]
  },
  "permissions": {
    "read":   { "productCatalog": {"allowed": true, "rateLimit": 60} },
    "action": { "createAccount":  {"allowed": false} },
    "data":   { "customerRecords": {"allowed": false} }
  }
}

Permission groups

Group Controls Key examples
read What agents can read productCatalog, pricing, reviews, faq, contactInfo
action What agents can do search, addToCart, checkout, createAccount, submitContactForm
data What data agents can access customerRecords, orderHistory, paymentInfo, employeeData

Category templates

Use --category with generate to start from a template: ecommerce, banking, healthcare, news-media, restaurant, saas.

For agent developers

When browsing a website, check for siteai.json at the domain root before taking actions. Respect the declared permissions — violations are documented and legally actionable under the declared jurisdiction.

See the full Agent Implementer Guide: {baseDir}/references/implementer-guide.md

Usage Guidance
This skill appears to implement what it claims (siteai.json generation/validation/audit) and contains only small Node.js scripts that use built-in APIs. Before installing/using it: - Confirm you (or the agent) have a Node.js 20+ runtime available; the registry lists no required binaries but the scripts are node modules (shebang + use of node: builtins). - The SKILL.md expects the agent to have the exec tool (to run node) and web_fetch (to fetch live /siteai.json). Verify your agent's exec permission scope — granting exec lets the skill run arbitrary commands, so limit it if you don't trust the skill. - Review the included scripts locally (they are short and readable); they perform only JSON parsing/validation and do not phone home. Running them will read whatever file or stdin you provide and may write an output file if you pass --output. - Be cautious when validating private or sensitive site content: piping sensitive documents into the validator will expose them to whatever environment executes the script (stdout/stderr, logs). Run in a sandbox if unsure. - If you need assurance, ask the publisher to update registry metadata to declare Node as a required runtime and to include an explicit tool/permission list; that would remove the main inconsistency observed here.
Capability Analysis
Type: OpenClaw Skill Name: a2wf Version: 1.0.1 The skill bundle provides legitimate tools for the A2WF (Agent-to-Web Framework) standard, including scripts for validating, generating, and auditing 'siteai.json' governance files. The Node.js scripts (validate.mjs and generate.mjs) use standard file I/O and logic to process JSON data according to the A2WF specification, with no evidence of malicious intent, data exfiltration, or unauthorized command execution. The documentation and SKILL.md instructions are consistent with the stated purpose and do not contain prompt-injection attacks or hidden malicious payloads.
Capability Assessment
Purpose & Capability
The name/description match the included files: generate.mjs and validate.mjs implement generation, local validation, and an audit mode for siteai.json files. However, the registry lists no required binaries while the runtime scripts are Node.js modules (#!/usr/bin/env node) — the skill implicitly requires a Node 20+ runtime and the agent's ability to exec commands. SKILL.md metadata also declares dependence on agent tools (web_fetch, exec) while the registry's required-binaries section is empty. This is an inconsistency the user should be aware of.
Instruction Scope
SKILL.md instructions and the included scripts stay on task: discovering/fetching siteai.json (via web_fetch), validating against schema, generating template documents, and producing an audit report. The validator is explicit about local-only validation and the generator writes to stdout or an output file. There are no instructions to read unrelated system files, access environment variables, or transmit collected data to hidden endpoints. The only external activity recommended is using web_fetch to download a site's /siteai.json, which is appropriate for the stated purpose.
Install Mechanism
No install spec; this is instruction-only with small reference scripts included. Nothing is downloaded or written by an installer. The risk surface is limited to executing the included scripts locally (they use only Node builtins). The main operational dependency (Node runtime) is not declared in the registry metadata — not an installation risk per se, but a packaging/documentation omission.
Credentials
The skill requests no environment variables, credentials, or config paths. That aligns with its purpose: validating/generating JSON policies does not require secrets. The SKILL.md does expect agent tools (web_fetch and exec) but these are agent tool permissions rather than environment credentials; they are proportional to enabling live-site validation and running the provided Node scripts.
Persistence & Privilege
always:false and user-invocable:true. The skill does not request persistent system presence or modify other skills. Its actions are local (running Node scripts, optionally writing an output file) and do not alter agent configuration or persist credentials.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install a2wf
  3. After installation, invoke the skill by name or use /a2wf
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
v1.0.1: Validator is now local-only (no network requests). Use web_fetch for live website checks.
v1.0.0
Initial release
Metadata
Slug a2wf
Version 1.0.1
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is A2WF — Agent-to-Web Framework?

Validate, generate, and audit A2WF siteai.json files — the open standard for AI agent governance on websites. Use when working with siteai.json policies, che... It is an AI Agent Skill for Claude Code / OpenClaw, with 151 downloads so far.

How do I install A2WF — Agent-to-Web Framework?

Run "/install a2wf" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is A2WF — Agent-to-Web Framework free?

Yes, A2WF — Agent-to-Web Framework is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does A2WF — Agent-to-Web Framework support?

A2WF — Agent-to-Web Framework is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created A2WF — Agent-to-Web Framework?

It is built and maintained by Wolfuser45 (@wolfuser45); the current version is v1.0.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments