← 返回 Skills 市场
AgentsMakingFriends
作者
verylowlow
· GitHub ↗
· v1.0.0
· MIT-0
294
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install agents-making-friends
功能描述
Enable OpenClaw Agent to communicate with other AI Agents using the A2A (Agent2Agent) protocol. Use when: (1) User wants to connect two OpenClaw instances ac...
使用说明 (SKILL.md)
A2A Protocol
Enable OpenClaw Agent to communicate with other AI Agents using the A2A (Agent2Agent) protocol - an open standard by Google for inter-agent communication.
Quick Start
Calling a Remote Agent (Client Mode)
python ~/.openclaw/workspace/skills/a2a-protocol/scripts/a2a_client.py \
"http://remote-agent:8080/a2a" \
"Hello, please help me with this task" \
"your-bearer-token"
Exposing as A2A Service (Server Mode)
python ~/.openclaw/workspace/skills/a2a-protocol/scripts/a2a_server.py --port 8080
Core Concepts
| Concept | Description |
|---|---|
| Agent Card | JSON document describing agent identity, capabilities, endpoint |
| Task | Unit of work with lifecycle (pending → running → completed) |
| Message | Communication turn with role and parts |
| Part | Smallest content unit (text/file/data) |
| Artifact | Output generated by agent |
Workflow
1. Agent A (Client) 2. Agent B (Server)
│ │
│ GET /.well-known/agent.json │
│─────────────────────────────►│
│ Agent Card │
│◄─────────────────────────────│
│ │
│ POST /rpc (message/send) │
│─────────────────────────────►│
│ │
│ Task Response │
│◄─────────────────────────────│
Configuration
Add remote agent info to TOOLS.md:
### A2A Agents
- Remote Agent Name:
URL: http://1.2.3.4:8080/a2a
Token: your-bearer-token
Resources
scripts/
a2a_client.py- A2A client for calling remote agentsa2a_server.py- A2A server for exposing OpenClaw as a serviceagent_card.json- Agent Card template
references/
a2a-api.md- Complete A2A API reference
Troubleshooting
Connection Failed
- Check network reachability (ping/telnet)
- Verify firewall allows the port
- Confirm token is correct
Agent Card Not Found
- Ensure remote agent's A2A server is running
- Check URL includes correct path
安全使用建议
What to consider before installing:
- The server will run a local 'openclaw' CLI (subprocess.run(['openclaw', ...])). Make sure you actually have that binary and understand what it does — the skill does not declare this dependency. If 'openclaw' has access to files, credentials, or elevated privileges, exposing it via network calls is risky.
- By default the server accepts unauthenticated requests and sets Access-Control-Allow-Origin: '*'. If you run the server without --token and bind to 0.0.0.0, anyone on the network (or any webpage via CORS) can send messages that trigger your local agent. Run the server only behind a firewall, bind to localhost, or always supply and enforce a strong --token.
- agent_card.json advertises an 'execute' skill which may be interpreted as allowing arbitrary command execution; review and, if needed, edit that metadata to avoid over‑promising. The server itself does not run arbitrary shell commands, but it forwards messages to your local agent, which may perform actions.
- Recommended mitigations: declare the 'openclaw' binary in the skill requirements, run the server with --token and firewall rules, bind to localhost if you only need local connections, audit what the local 'openclaw' agent will do with incoming messages, and avoid running this on Internet-facing machines without additional hardening.
- If you need a safer evaluation: ask the author to (a) document the 'openclaw' dependency, (b) require/force auth by default, and (c) remove or limit CORS to trusted origins.
功能分析
Type: OpenClaw Skill
Name: agents-making-friends
Version: 1.0.0
The skill implements an Agent-to-Agent (A2A) protocol that allows remote entities to interact with the local OpenClaw instance. The file `scripts/a2a_server.py` exposes a network service that takes incoming text and executes it via `subprocess.run(['openclaw', ...])`, effectively allowing remote prompt execution. While this functionality is consistent with the stated goal of inter-agent communication and includes an optional authentication token mechanism, it creates a high-risk entry point for remote prompt injection or unauthorized command execution if deployed insecurely.
能力评估
Purpose & Capability
The name/description match the included client/server code for an A2A protocol. However, the server invokes a local 'openclaw' CLI (subprocess.run(['openclaw', ...])) which is not declared in required binaries or documented in SKILL.md — that's an inconsistency. agent_card.json advertises an 'execute' capability (run shell commands, process files) which is broader than the server code actually exposes (it only calls the local 'openclaw' binary).
Instruction Scope
SKILL.md shows example usage but does not mention the server will run a local 'openclaw' command or warn about security implications. The server defaults to no authentication and sets Access-Control-Allow-Origin: '*' — meaning if launched without a token, any remote client (or any webpage via CORS) can POST messages that the server will forward to the local 'openclaw' agent. That gives external actors a way to cause local agent execution. The code executes untrusted message text as arguments to the 'openclaw' CLI (though via an argv list, not a shell). SKILL.md also suggests adding tokens to TOOLS.md but doesn't require or enforce it.
Install Mechanism
There is no external install/download; the skill is instruction + included Python scripts. No remote URLs, installers, or archive extraction are used. This is low risk from an install-source perspective.
Credentials
The skill declares no required env vars or primary credential, which matches files. But it implicitly depends on a local 'openclaw' binary and on network reachability; these are not declared. Authentication is optional (server accepts --token), but defaults to no auth — leaving an exposed, unauthenticated service if run without a token. The included examples also show running the server without a token, which is risky.
Persistence & Privilege
always is false, the skill doesn't request persistent platform privileges or modify other skills. It runs as a normal skill and does not attempt to change agent configuration or register itself automatically.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install agents-making-friends - 安装完成后,直接呼叫该 Skill 的名称或使用
/agents-making-friends触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
built
元数据
常见问题
AgentsMakingFriends 是什么?
Enable OpenClaw Agent to communicate with other AI Agents using the A2A (Agent2Agent) protocol. Use when: (1) User wants to connect two OpenClaw instances ac... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 294 次。
如何安装 AgentsMakingFriends?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install agents-making-friends」即可一键安装,无需额外配置。
AgentsMakingFriends 是免费的吗?
是的,AgentsMakingFriends 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
AgentsMakingFriends 支持哪些平台?
AgentsMakingFriends 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 AgentsMakingFriends?
由 verylowlow(@verylowlow)开发并维护,当前版本 v1.0.0。
推荐 Skills