A2A Delegation Setup
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent setup guide, but users should notice that it installs/enables a third-party delegation plugin, changes OpenClaw Gateway configuration, and sets remote agent targets.
Before installing, confirm that you trust @aramisfa/openclaw-a2a-outbound, verify the target base URL, avoid enabling direct URL overrides unless needed, and approve Gateway config edits or restarts only when you are ready for those changes.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the plugin can add new behavior to the OpenClaw Gateway, so the user should trust the plugin source before proceeding.
The skill guides installation of a third-party OpenClaw plugin. This is central to the stated setup purpose and uses --pin, but it still means the user is adding external plugin code to the Gateway environment.
openclaw plugins install @aramisfa/openclaw-a2a-outbound --pin
Review the linked plugin project and package identity before approving installation or updates.
Approved commands can change the Gateway’s installed plugins and runtime configuration, and restarting may interrupt active use.
The skill includes high-impact setup actions such as installing/updating plugins, editing OpenClaw configuration, and restarting the Gateway, but it also explicitly requires user approval before those actions.
Ask before any install, update, restart, or config edit.
Only approve commands after checking the plugin name, target URL, and intended configuration changes.
If configured incorrectly, delegation requests could be sent to the wrong remote agent endpoint or to user-supplied URLs if overrides are allowed.
The skill configures remote agent delegation targets and an optional URL override policy, which affects where delegation traffic can be sent. This is expected for an A2A delegation setup skill and is presented as a user-confirmed choice.
Collect or confirm first ... The target base URL ... Whether direct URL overrides should be allowed through `plugins.entries.openclaw-a2a-outbound.config.policy.allowTargetUrlOverride`.
Use trusted target URLs, keep URL overrides disabled unless specifically needed, and verify the target list after setup.