← Back to Skills Marketplace

AgentsMakingFriends

Name: AgentsMakingFriends
Author: verylowlow

by verylowlow · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

294

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install agents-making-friends

Description

Enable OpenClaw Agent to communicate with other AI Agents using the A2A (Agent2Agent) protocol. Use when: (1) User wants to connect two OpenClaw instances ac...

README (SKILL.md)

A2A Protocol

Enable OpenClaw Agent to communicate with other AI Agents using the A2A (Agent2Agent) protocol - an open standard by Google for inter-agent communication.

Quick Start

Calling a Remote Agent (Client Mode)

python ~/.openclaw/workspace/skills/a2a-protocol/scripts/a2a_client.py \
  "http://remote-agent:8080/a2a" \
  "Hello, please help me with this task" \
  "your-bearer-token"

Exposing as A2A Service (Server Mode)

python ~/.openclaw/workspace/skills/a2a-protocol/scripts/a2a_server.py --port 8080

Core Concepts

Concept	Description
Agent Card	JSON document describing agent identity, capabilities, endpoint
Task	Unit of work with lifecycle (pending → running → completed)
Message	Communication turn with role and parts
Part	Smallest content unit (text/file/data)
Artifact	Output generated by agent

Workflow

1. Agent A (Client)          2. Agent B (Server)
   │                              │
   │ GET /.well-known/agent.json │
   │─────────────────────────────►│
   │       Agent Card             │
   │◄─────────────────────────────│
   │                              │
   │ POST /rpc (message/send)     │
   │─────────────────────────────►│
   │                              │
   │      Task Response           │
   │◄─────────────────────────────│

Configuration

Add remote agent info to TOOLS.md:

### A2A Agents

- Remote Agent Name:
  URL: http://1.2.3.4:8080/a2a
  Token: your-bearer-token

Resources

scripts/

a2a_client.py - A2A client for calling remote agents
a2a_server.py - A2A server for exposing OpenClaw as a service
agent_card.json - Agent Card template

references/

a2a-api.md - Complete A2A API reference

Troubleshooting

Connection Failed

Check network reachability (ping/telnet)
Verify firewall allows the port
Confirm token is correct

Agent Card Not Found

Ensure remote agent's A2A server is running
Check URL includes correct path

Usage Guidance

What to consider before installing: - The server will run a local 'openclaw' CLI (subprocess.run(['openclaw', ...])). Make sure you actually have that binary and understand what it does — the skill does not declare this dependency. If 'openclaw' has access to files, credentials, or elevated privileges, exposing it via network calls is risky. - By default the server accepts unauthenticated requests and sets Access-Control-Allow-Origin: '*'. If you run the server without --token and bind to 0.0.0.0, anyone on the network (or any webpage via CORS) can send messages that trigger your local agent. Run the server only behind a firewall, bind to localhost, or always supply and enforce a strong --token. - agent_card.json advertises an 'execute' skill which may be interpreted as allowing arbitrary command execution; review and, if needed, edit that metadata to avoid over‑promising. The server itself does not run arbitrary shell commands, but it forwards messages to your local agent, which may perform actions. - Recommended mitigations: declare the 'openclaw' binary in the skill requirements, run the server with --token and firewall rules, bind to localhost if you only need local connections, audit what the local 'openclaw' agent will do with incoming messages, and avoid running this on Internet-facing machines without additional hardening. - If you need a safer evaluation: ask the author to (a) document the 'openclaw' dependency, (b) require/force auth by default, and (c) remove or limit CORS to trusted origins.

Capability Analysis

Type: OpenClaw Skill Name: agents-making-friends Version: 1.0.0 The skill implements an Agent-to-Agent (A2A) protocol that allows remote entities to interact with the local OpenClaw instance. The file `scripts/a2a_server.py` exposes a network service that takes incoming text and executes it via `subprocess.run(['openclaw', ...])`, effectively allowing remote prompt execution. While this functionality is consistent with the stated goal of inter-agent communication and includes an optional authentication token mechanism, it creates a high-risk entry point for remote prompt injection or unauthorized command execution if deployed insecurely.

Capability Assessment

ℹ Purpose & Capability

The name/description match the included client/server code for an A2A protocol. However, the server invokes a local 'openclaw' CLI (subprocess.run(['openclaw', ...])) which is not declared in required binaries or documented in SKILL.md — that's an inconsistency. agent_card.json advertises an 'execute' capability (run shell commands, process files) which is broader than the server code actually exposes (it only calls the local 'openclaw' binary).

⚠ Instruction Scope

SKILL.md shows example usage but does not mention the server will run a local 'openclaw' command or warn about security implications. The server defaults to no authentication and sets Access-Control-Allow-Origin: '*' — meaning if launched without a token, any remote client (or any webpage via CORS) can POST messages that the server will forward to the local 'openclaw' agent. That gives external actors a way to cause local agent execution. The code executes untrusted message text as arguments to the 'openclaw' CLI (though via an argv list, not a shell). SKILL.md also suggests adding tokens to TOOLS.md but doesn't require or enforce it.

✓ Install Mechanism

There is no external install/download; the skill is instruction + included Python scripts. No remote URLs, installers, or archive extraction are used. This is low risk from an install-source perspective.

⚠ Credentials

The skill declares no required env vars or primary credential, which matches files. But it implicitly depends on a local 'openclaw' binary and on network reachability; these are not declared. Authentication is optional (server accepts --token), but defaults to no auth — leaving an exposed, unauthenticated service if run without a token. The included examples also show running the server without a token, which is risky.

✓ Persistence & Privilege

always is false, the skill doesn't request persistent platform privileges or modify other skills. It runs as a normal skill and does not attempt to change agent configuration or register itself automatically.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install agents-making-friends
After installation, invoke the skill by name or use /agents-making-friends
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

built

Metadata

Slug agents-making-friends

Version 1.0.0

License MIT-0

All-time Installs 1

Active Installs 1

Total Versions 1

Frequently Asked Questions

What is AgentsMakingFriends?

Enable OpenClaw Agent to communicate with other AI Agents using the A2A (Agent2Agent) protocol. Use when: (1) User wants to connect two OpenClaw instances ac... It is an AI Agent Skill for Claude Code / OpenClaw, with 294 downloads so far.

How do I install AgentsMakingFriends?

Run "/install agents-making-friends" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is AgentsMakingFriends free?

Yes, AgentsMakingFriends is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does AgentsMakingFriends support?

AgentsMakingFriends is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created AgentsMakingFriends?

It is built and maintained by verylowlow (@verylowlow); the current version is v1.0.0.

More Skills