A2A Marketplace
v2.0.0
AI tool marketplace via AgentForge — discover, compare, and execute tools with automatic billing and trust scoring.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, and runtime instructions consistently describe an AI tool marketplace (discover, get schema, execute, check balance). The single declared install (npm package @a2a/openclaw-plugin) is coherent with providing marketplace functionality. However, the SKILL.md does not document how authentication, account linking, or billing credentials are provided even though the skill describes automatic billing and balance checks—this is an unexplained omission.
Instruction Scope
Instructions limit the agent to marketplace actions (forge_discover, forge_execute, etc.) and do not request unrelated files or env vars. But the workflow explicitly executes third‑party tools with automatic billing; that implies sending user inputs to external tool providers and financial operations. The SKILL.md gives no guidance on what data may be transmitted, how billing is authorized, or how to limit/exclude sensitive data—this broadens the runtime impact beyond a simple query tool.
Install Mechanism
The install is an npm package (@a2a/openclaw-plugin), which is a plausible mechanism for this functionality. However, there is no homepage or source repository listed in the skill metadata, so the package provenance is unknown. Installing an unvetted npm plugin can execute arbitrary code; the manifest provides no verification steps or alternative trusted sources.
Credentials
The skill declares no required environment variables or primary credential, yet it offers balance checks and automatic billing. A marketplace plugin typically needs account credentials, API keys, or payment tokens; the absence of any declared auth mechanism is an inconsistency. That could mean the plugin expects implicit platform-level credentials (not documented) or that necessary secrets/permissions are being omitted from the manifest.
Persistence & Privilege
The skill does not request always:true and defaults for autonomous invocation are unchanged. It does not declare config paths or system-wide modifications. Those properties are proportionate; however, autonomous invocation combined with billing-capable marketplace operations increases impact if provenance/auth are unclear.
What to consider before installing
This skill looks like a legitimate marketplace plugin, but several red flags mean you should verify a few things before installing:
- Confirm package provenance: locate the @a2a/openclaw-plugin package on a trusted registry or source (npm page, GitHub repo) and review its maintainer, README, and recent releases. Do not install an unpublished/unknown package without review.
- Ask how authentication and billing are handled: the SKILL.md mentions automatic billing and balance checks but provides no instructions for supplying API keys, account tokens, or payment methods. Ensure you understand what credentials will be used and where they are stored.
- Understand data flows: tools executed via this marketplace will receive the inputs you provide. If you will pass sensitive data, confirm vendor privacy, permitted data retention, and whether you can limit or redact data before execution.
- Verify safeguards: check for budget limits, spending alerts, or an explicit opt‑in per execution to avoid unexpected charges.
- Test in a safe environment: if possible, run trial calls with non-sensitive inputs and minimal budget, and monitor network/requests during plugin installation.
If you cannot verify the plugin's source, authentication method, and billing controls, consider not installing or request a vendor-provided security/privacy document before proceeding.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
🏪 Clawdis
Install
Install A2A Corp plugin
npm i -g @a2a/openclaw-plugin
ai-tools latest marketplace
A2A Marketplace (AgentForge)
Use the AgentForge marketplace tools to discover, evaluate, and execute AI tools from a curated marketplace.
Quick Start
Search for tools:
Use forge_discover to find a tool for "sentiment analysis"
Execute a tool:
Use forge_execute with toolId "tool-abc" and input { "text": "Hello world" }
Available Tools
| Tool | Description |
|---|---|
| forge_discover | Search marketplace by query, category, price, trust score, tags |
| forge_execute | Execute a tool (billing applied automatically) |
| forge_get_schema | Get input/output schema for a tool |
| forge_balance | Check agent balance, spending, and tier |
| forge_list_categories | List all tool categories |
| forge_batch_execute | Execute up to 10 tools in parallel |
Workflows
Find the best tool for a task
- Use forge_discover with your query and optional filters (category, maxPrice, minTrustScore)
- Use forge_get_schema to understand the input format
- Use forge_execute to run the tool
Budget-conscious execution
- Use forge_balance to check remaining budget
- Use forge_discover with maxPrice filter
- Compare tools by trust score and price
- Execute with confidence
Batch processing
Use forge_batch_execute to run multiple tools at once:
```json
{
  "calls": [
    { "toolId": "sentiment-v2", "input": { "text": "Great product!" } },
    { "toolId": "translate-en-vi", "input": { "text": "Hello world" } }
  ]
}
```
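The scan's advice to limit or redact data before execution, and the 10-call limit on forge_batch_execute, can be enforced locally before a batch payload is handed to the plugin. The following is an added example, not code from this page or from the @a2a/openclaw-plugin package; `preflightBatch`, `redact`, the tool allowlist and the secret patterns are hypothetical, and it calls no marketplace API.

```javascript
// Added example: local pre-flight check for a forge_batch_execute payload.
// Policy names and secret patterns are assumptions, not part of the plugin.
const MAX_BATCH_CALLS = 10; // limit stated in the tool table
const SENSITIVE_KEY = /pass(word)?|secret|access[_-]?token|api[_-]?key|authorization/i;
const SECRET_VALUE = [
  /-----BEGIN [A-Z ]*PRIVATE KEY-----/,       // PEM private key header
  /\bAKIA[0-9A-Z]{16}\b/,                     // AWS access key id shape
  /\beyJ[\w-]{10,}\.[\w-]{10,}\.[\w-]{10,}/,  // JWT-shaped string
];

// Recursively copy a value, replacing secret-looking content with a marker.
function redact(value, key = "") {
  if (SENSITIVE_KEY.test(key)) return "[REDACTED]"; // whole subtree under a sensitive key
  if (typeof value === "string") {
    return SECRET_VALUE.some((re) => re.test(value)) ? "[REDACTED]" : value;
  }
  if (Array.isArray(value)) return value.map((v) => redact(v));
  if (value && typeof value === "object") {
    return Object.fromEntries(Object.entries(value).map(([k, v]) => [k, redact(v, k)]));
  }
  return value;
}

// Returns { ok, errors, sanitized }; only `sanitized` should ever be sent on.
function preflightBatch(payload, allowedToolIds) {
  const calls = payload && Array.isArray(payload.calls) ? payload.calls : null;
  if (!calls || calls.length === 0) {
    return { ok: false, errors: ["calls must be a non-empty array"], sanitized: null };
  }
  const errors = [];
  if (calls.length > MAX_BATCH_CALLS) {
    errors.push(`too many calls: ${calls.length} > ${MAX_BATCH_CALLS}`);
  }
  const cleaned = calls.map((call, i) => {
    const toolId = call && typeof call.toolId === "string" ? call.toolId : null;
    if (!toolId || !allowedToolIds.has(toolId)) {
      errors.push(`calls[${i}]: toolId is not on the reviewed allowlist`);
    }
    const input = call && typeof call.input === "object" ? call.input : null;
    if (!input) errors.push(`calls[${i}]: input must be an object`);
    return { toolId, input: redact(input || {}) };
  });
  const ok = errors.length === 0;
  return { ok, errors, sanitized: ok ? { calls: cleaned } : null };
}
```

A rejected batch returns `sanitized: null`, so a caller that forwards only `sanitized` cannot send an unreviewed tool id or an oversized batch by accident.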
Categories
Common categories: nlp, vision, code, data, audio, security, blockchain, productivity
Trust Scores
Tools are scored 0-100 based on:
- Uptime and reliability
- Response time
- User ratings
- Security audit status
- API compliance
