A2a Server

Author: TheArchitectit · GitHub ↗ · v1.4.0 · MIT-0
linux, darwin ⚠ suspicious
Total downloads: 92
Favorites: 0
Current installs: 0
Versions: 6
Install in OpenClaw
/install openclaw-a2a-server
Description
Run an A2A inbound task listener that lets this OpenClaw instance receive tasks from other agents via the A2A API Gateway. Use when: (1) starting/stopping th...
Safe usage recommendations
This skill appears to do what it says, but take these safety steps before enabling it:
  1. Set A2A_GATEWAY_API_KEY to require bearer auth — leaving it empty disables authentication.
  2. Prefer invoking a local openclaw CLI over configuring A2A_OPENCLAW_URL to a remote endpoint unless you trust that endpoint; any configured command or URL will receive incoming message content and metadata.
  3. Review and control the A2A_OPENCLAW_COMMAND value (it can execute arbitrary shell commands).
  4. Check any shared a2a-client/a2a.conf the skill may read to avoid unintentionally sharing credentials or endpoints.
  5. Bind the listener to a restricted interface (e.g., localhost or private IP) and firewall the port if you do not want it publicly reachable.
  6. Inspect logs (a2a-listener.log) — they may contain message snippets and metadata.
If you want stronger guarantees, keep the listener on an isolated network, or only start it when you explicitly need to receive tasks.
Functional analysis
Type: OpenClaw Skill
Name: openclaw-a2a-server
Version: 1.4.0
The skill implements an inbound task listener that is vulnerable to Remote Code Execution (RCE) via shell injection. In `a2a-listener.py`, the `_invoke_via_command` function constructs a shell command by performing simple string replacement on user-supplied task content and then executes it using `subprocess.run(shell=True)`. While this is designed to allow the agent to process inbound tasks, the lack of proper sanitization allows for command injection. Additionally, the listener can be configured to run without authentication if the `A2A_GATEWAY_API_KEY` is omitted, increasing the risk of unauthorized exploitation.
Capability tags
requires-oauth-token, requires-sensitive-credentials
Capability assessment
Purpose & Capability
Name/description match the actual code and scripts: a background HTTP listener that accepts inbound A2A tasks and forwards them to a local OpenClaw invocation method (shell command, HTTP URL, or CLI). Required runtime (python3), start/stop scripts, and config file lookups are all consistent with that purpose.
Instruction Scope
SKILL.md and start/stop scripts limit behavior to starting/stopping the HTTP listener and describing expected endpoints. However, the listener will (by design) run arbitrary configured invocation methods: a shell command template (A2A_OPENCLAW_COMMAND), or POST to any A2A_OPENCLAW_URL. Those invocation options mean inbound message content may be passed to external commands or remote HTTP endpoints — expected for the skill's function but a potential exfiltration vector if misconfigured. Also, if no API key is configured the code intentionally disables auth checks (explicit in doc and code), which is a security-sensitive configuration option.
Install Mechanism
No install script or remote download; repo is instruction+script based. All files are local Python and shell scripts. No network install or extraction from untrusted URLs is present in the bundle.
Credentials
The skill does not require any credentials up-front, but reads several env vars (A2A_GATEWAY_API_KEY, A2A_OPENCLAW_URL, A2A_OPENCLAW_URL_API_KEY, A2A_OPENCLAW_COMMAND, AGENT_*, etc.) which are appropriate for its role. Important behavioral notes: if A2A_GATEWAY_API_KEY is empty auth checks are disabled; A2A_OPENCLAW_URL or A2A_OPENCLAW_COMMAND can route task payloads (including message content and metadata) to remote endpoints or arbitrary shell commands — expected but sensitive.
Persistence & Privilege
The skill does not request permanent 'always' inclusion, does not change other skills' configs, and only writes PID/log files within its own directory. It reads a shared a2a-client/a2a.conf if present (for config sharing), but does not modify other skill configurations.
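How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install openclaw-a2a-server
  3. Once installation completes, call the Skill by name or trigger it with /openclaw-a2a-server
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history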
v1.4.0
Real OpenClaw invocation - no more mock responses
v1.3.0
A2A_GATEWAY_ env var prefix
v1.1.1
Instance-aware: configurable listener, auto-detect local IP/slug, no hardcoded values, shared a2a.conf
v1.2.0
Renamed RAD Gateway to A2A API Gateway
v1.1.0
Scrubbed hardcoded values - fully configurable via env vars
v1.0.0
Initial A2A server/listener skill for OpenClaw
Metadata
Slug openclaw-a2a-server
Version 1.4.0
License MIT-0
Total installs 0
Current installs 0
Historical versions 6
FAQ

What is A2a Server?

Run an A2A inbound task listener that lets this OpenClaw instance receive tasks from other agents via the A2A API Gateway. Use when: (1) starting/stopping th... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 92 cumulative downloads so far.

How do I install A2a Server?

Run the command "/install openclaw-a2a-server" in the OpenClaw or Claude Code chat box for one-click installation; no additional configuration is required.

Is A2a Server free?

Yes, A2a Server is completely free and uses the MIT-0 license; it can be freely downloaded, installed and used.

Which platforms does A2a Server support?

A2a Server runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (linux, darwin).

Who developed A2a Server?

Developed and maintained by TheArchitectit (@thearchitectit); the current version is v1.4.0.
