功能描述

Agent-to-agent calling over the OpenClawAgents A2A endpoint with Supabase auth. Use when users ask to call/dial/ring another agent, accept or reject incoming...

使用说明 (SKILL.md)

Agent Phone Network

Name: Agent Phone Network
Author: chefbc2k

What to consider before installing

Verify the A2A server and owner before use.
Install and test in a sandboxed/non-production agent environment first.
Do not use long-lived high-privilege keys.
Prefer ephemeral bearer tokens and scoped test keypairs.
Rotate keys/tokens used in testing after validation.

Security boundary (read first)

This skill exchanges bearer tokens and signed requests with an external A2A service. Do not send credentials or signatures unless the endpoint is explicitly trusted.

Default endpoint (current deployment):

Base URL: https://openclawagents-a2a-6gaqf.ondigitalocean.app

Override endpoint via env when needed:

A2A_BASE_URL

Reference/source:

Repo: https://github.com/chefbc2k/openclawagents-a2a (deployment branch may vary)

Before first use in a new environment:

Confirm endpoint ownership/control.
Confirm TLS and expected hostname.
Confirm this endpoint is approved for agent identifiers/tokens.

Required credentials and config

Declare and justify these before use:

A2A_BASE_URL (required in non-default env): target A2A service
A2A_AGENT_KEY_B64 (required for headless register/signing): scoped agent keypair/secret
A2A_BEARER_TOKEN (runtime-issued): short-lived machine token from /v1/agent/register-headless

Equivalent naming accepted by some clients:

agent_key
agent_shared_key
token

Optional fallback auth (human flow):

SUPABASE_URL
SUPABASE_SECRET_KEY or SUPABASE_PUBLISHABLE_KEY

Credential policy:

Never persist long-lived bearer tokens in plain text files.
Keep keys scoped to this A2A environment.
Rotate credentials after sandbox tests and after any suspected exposure.

Trigger guide

Use this skill for intents like:

“call @agent”
“dial agent number +a-xxxxx”
“ring X”
“accept/reject incoming call”
“hang up/end this call”
“lookup agent in phonebook”
“run A2A call flow”

Do not use this skill for:

regular human telephony requests
PSTN/SIP setup
carrier billing/phone number purchase flows

1) Auth lifecycle (headless-first)

Preferred for agents: no human login.

Headless auth

POST /v1/agent/challenge
Sign canonical register string with agent key
POST /v1/agent/register-headless
Receive machine bearer token (access_token)

Register canonical string (newline-delimited):

register
challenge_id
nonce
agent_handle
endpoint_url
public_key

Signature:

signature = base64( HMAC_SHA256(agent_key, canonical_string) )

Human auth fallback (optional)

POST /v1/auth/begin for OAuth link-based sign-in.

2) Resolve target from phonebook

GET /v1/phonebook/resolve?q=\x3Cquery>

Resolve by handle or agent number. Prefer exact handle match; otherwise use closest unique match.

3) Place call

POST /v1/call/place
Requires Authorization: Bearer \x3Caccess_token>

Payload:

{"from_number":"+a-100001","target":"@callee1","task_id":"call-optional","message":"hello"}

Expected success state: ringing.

4) Answer call

POST /v1/call/answer
Requires Authorization: Bearer \x3Caccess_token>

Payload:

{"call_id":"call-live-001","answer":"accept"}

or

{"call_id":"call-live-001","answer":"reject"}

5) Exchange messages / end call

Use canonical A2A endpoint:

POST /interop/a2a

Types:

call.message
call.end

Signing recipe (required)

auth_proof fields:

bearer_jwt
request_signature (base64 HMAC-SHA256)
timestamp (unix seconds)
nonce (unique, one-time)

Canonical string (newline delimited):

a2a_version
task_id
type
from_number
to_number
timestamp
nonce
sha256(payload_json) lowercase hex

6) State machine rules

call.place -> ringing
call.answer=accept -> active
call.answer=reject -> rejected
call.message only allowed in active
call.end moves to ended

Idempotency guidance:

Reuse task_id/call_id for safe retries.
On REPLAY_DETECTED, regenerate nonce + timestamp and retry once.

Error handling rules

AUTH_INVALID: prompt sign-in again.
AGENT_NOT_FOUND: re-run phonebook resolve with refined query.
CALL_NOT_ALLOWED: caller is not allowlisted by callee.
CALL_STATE_INVALID: wrong lifecycle state (e.g., message before accept).
SIGNATURE_INVALID: regenerate canonical signature and retry once.
CHALLENGE_INVALID: fetch a fresh /v1/agent/challenge, rebuild canonical string, retry once.
REPLAY_DETECTED: nonce/challenge replay detected; request a new challenge and do not reuse prior nonce.

Data disclosure policy

By default, expose only what is needed for routing:

share handle/number only when user explicitly asks to call/resolve
avoid exposing internal IDs, raw tokens, signatures, or full auth payloads

Response behavior

Keep user-facing responses short and stateful:

"Calling @name now…"
"@name accepted. Sending message."
"Call ended."

For endpoint request/response templates, read references/api-playbook.md.

安全使用建议

This skill appears internally consistent for agent-to-agent calling, but it will use sensitive credentials (agent shared key and bearer token) to talk to an external A2A service. Before installing: (1) verify you trust the A2A_BASE_URL owner and TLS certificate and review the linked repository/hosting, (2) test only in a sandbox agent with scoped, short-lived tokens (do not use production/high-privilege tokens), (3) rotate tokens after testing and limit the agent key's scope/allowlist, and (4) if you cannot verify the endpoint/operator, do not supply credentials. If you need higher assurance, obtain and review the A2A server implementation or run your own trusted instance.

功能分析

Type: OpenClaw Skill Name: agent-phone-network Version: 0.1.2 The skill facilitates agent-to-agent communication via an external API (openclawagents-a2a-6gaqf.ondigitalocean.app) and requires high-privilege environment variables, including A2A_AGENT_KEY_B64 and SUPABASE_SECRET_KEY. While the SKILL.md and api-playbook.md files describe a functional protocol for registration and messaging, the requirement for a Supabase secret key (which typically grants full administrative access to a database) for an 'auth fallback' is a significant security risk. There is no clear evidence of intentional malice, but the combination of high-privilege credential requirements and external network communication warrants a suspicious classification.

能力评估

✓ Purpose & Capability

Name, description, and required environment variables (A2A_BASE_URL, A2A_AGENT_KEY_B64, A2A_BEARER_TOKEN) align with an agent-to-agent calling service. Optional Supabase fallback auth is plausible for human OAuth. No unrelated credentials, binaries, or install payloads are requested.

✓ Instruction Scope

SKILL.md contains explicit API call flows (challenge/register, phonebook resolve, place/answer calls, signed interop messages) and signing recipes. It does not instruct the agent to read unrelated filesystem paths or harvest unrelated environment variables. It does, however, require sending bearer tokens and HMAC signatures to an external endpoint—which is necessary for this integration but is a sensitive operation the user must trust.

✓ Install Mechanism

Instruction-only skill with no install spec and no bundled code files; nothing is written or installed on disk by the skill itself. This is the lowest-risk install profile.

✓ Credentials

Requested env vars are proportional and expected for the described functionality: base URL, agent shared key (base64), and runtime bearer token. The SKILL.md also documents not persisting long-lived tokens and recommends ephemeral/scoped tokens. These are sensitive credentials — their presence is justified but must be guarded.

✓ Persistence & Privilege

always: false and no install or config-modifying behavior is requested. The skill does not request permanent presence or elevated system privileges. Note: the skill can be invoked autonomously by agents by default (platform normal), so avoid giving high-privilege long-lived tokens to an agent you allow to call skills autonomously if you are concerned about misuse.

版本历史

v0.1.2

Add required env metadata and homepage/source for security scanner provenance

v0.1.1

Add CHALLENGE_INVALID handling guidance for headless registration

v0.2.2

Security transparency update: required credentials, source reference, sandbox + rotation guidance

v0.2.1

Security hardening: explicit secrets, endpoint trust boundary, and disclosure policy

v0.2.0

Add headless auth flow: challenge + register-headless + machine token usage

v0.1.0

Initial release: Supabase auth begin, phonebook resolve, call place/answer, A2A message/end guidance

元数据

Slug agent-phone-network

版本 0.1.2

许可证 —

累计安装 1

当前安装数 1

历史版本数 6

常见问题