A2a Server
by TheArchitectit · GitHub ↗ · v1.4.0 · MIT-0
92 Downloads · 0 Stars · 0 Active Installs · 6 Versions
Install in OpenClaw
/install openclaw-a2a-server
Description
Run an A2A inbound task listener that lets this OpenClaw instance receive tasks from other agents via the A2A API Gateway. Use when: (1) starting/stopping th...
Usage Guidance
This skill appears to do what it says, but take these safety steps before enabling it:
(1) Set A2A_GATEWAY_API_KEY to require bearer auth — leaving it empty disables authentication.
(2) Prefer invoking a local openclaw CLI over configuring A2A_OPENCLAW_URL to a remote endpoint unless you trust that endpoint; any configured command or URL will receive incoming message content and metadata.
(3) Review and control the A2A_OPENCLAW_COMMAND value (it can execute arbitrary shell commands).
(4) Check any shared a2a-client/a2a.conf the skill may read to avoid unintentionally sharing credentials or endpoints.
(5) Bind the listener to a restricted interface (e.g., localhost or private IP) and firewall the port if you do not want it publicly reachable.
(6) Inspect logs (a2a-listener.log) — they may contain message snippets and metadata.
If you want stronger guarantees, keep the listener on an isolated network, or only start it when you explicitly need to receive tasks.
Capability Analysis
Type: OpenClaw Skill
Name: openclaw-a2a-server
Version: 1.4.0
The skill implements an inbound task listener that is vulnerable to Remote Code Execution (RCE) via shell injection. In `a2a-listener.py`, the `_invoke_via_command` function constructs a shell command by performing simple string replacement on user-supplied task content and then executes it using `subprocess.run(shell=True)`. While this is designed to allow the agent to process inbound tasks, the lack of proper sanitization allows for command injection. Additionally, the listener can be configured to run without authentication if the `A2A_GATEWAY_API_KEY` is omitted, increasing the risk of unauthorized exploitation.
Capability Assessment
Purpose & Capability
Name/description match the actual code and scripts: a background HTTP listener that accepts inbound A2A tasks and forwards them to a local OpenClaw invocation method (shell command, HTTP URL, or CLI). Required runtime (python3), start/stop scripts, and config file lookups are all consistent with that purpose.
Instruction Scope
SKILL.md and start/stop scripts limit behavior to starting/stopping the HTTP listener and describing expected endpoints. However, the listener will (by design) run arbitrary configured invocation methods: a shell command template (A2A_OPENCLAW_COMMAND), or POST to any A2A_OPENCLAW_URL. Those invocation options mean inbound message content may be passed to external commands or remote HTTP endpoints — expected for the skill's function but a potential exfiltration vector if misconfigured. Also, if no API key is configured the code intentionally disables auth checks (explicit in doc and code), which is a security-sensitive configuration option.
Install Mechanism
No install script or remote download; repo is instruction+script based. All files are local Python and shell scripts. No network install or extraction from untrusted URLs is present in the bundle.
Credentials
The skill does not require any credentials up-front, but reads several env vars (A2A_GATEWAY_API_KEY, A2A_OPENCLAW_URL, A2A_OPENCLAW_URL_API_KEY, A2A_OPENCLAW_COMMAND, AGENT_*, etc.) which are appropriate for its role. Important behavioral notes: if A2A_GATEWAY_API_KEY is empty auth checks are disabled; A2A_OPENCLAW_URL or A2A_OPENCLAW_COMMAND can route task payloads (including message content and metadata) to remote endpoints or arbitrary shell commands — expected but sensitive.
Persistence & Privilege
The skill does not request permanent 'always' inclusion, does not change other skills' configs, and only writes PID/log files within its own directory. It reads a shared a2a-client/a2a.conf if present (for config sharing), but does not modify other skill configurations.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install openclaw-a2a-server
- After installation, invoke the skill by name or use /openclaw-a2a-server
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.4.0
Real OpenClaw invocation - no more mock responses
v1.3.0
A2A_GATEWAY_ env var prefix
v1.1.1
Instance-aware: configurable listener, auto-detect local IP/slug, no hardcoded values, shared a2a.conf
v1.2.0
Renamed RAD Gateway to A2A API Gateway
v1.1.0
Scrubbed hardcoded values - fully configurable via env vars
v1.0.0
Initial A2A server/listener skill for OpenClaw
Frequently Asked Questions
What is A2a Server?
Run an A2A inbound task listener that lets this OpenClaw instance receive tasks from other agents via the A2A API Gateway. Use when: (1) starting/stopping th... It is an AI Agent Skill for Claude Code / OpenClaw, with 92 downloads so far.
How do I install A2a Server?
Run "/install openclaw-a2a-server" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is A2a Server free?
Yes, A2a Server is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does A2a Server support?
A2a Server is cross-platform and runs anywhere OpenClaw / Claude Code is available (linux, darwin).
Who created A2a Server?
It is built and maintained by TheArchitectit (@thearchitectit); the current version is v1.4.0.