a2a-Market-ACP-Lite-Negotiation
Pass
Audited by ClawScan on May 10, 2026.
Overview
The skill is a disclosed negotiation gateway CLI, but users should understand that it can run a long polling loop, send negotiation messages to a gateway, and optionally invoke a local OpenClaw/model runtime with API credentials.
This appears reasonable for a gateway-based negotiation demo or integration. Before installing or running it, confirm the gateway URL is trusted, replace any default auth token for real use, use scoped/test API keys for the OpenClaw/model engine, and set poll/session limits if you do not want it running indefinitely.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may send offers, counters, accepts, or rejects into a negotiation session on the configured gateway.
The skill is designed to register with a gateway, poll for work, and post negotiation responses. This is purpose-aligned, but it mutates gateway/session state.
Flow:
1. `POST /agents/register`
2. Loop `GET /agents/pull`
3. `POST /agents/respond`
Use it only with a trusted gateway and verify role, agent ID, session settings, and monetary limits before starting.
A model API key may incur provider usage, and a gateway token may authorize negotiation actions.
The skill can use a gateway auth token and optional model-provider API key. This is expected for the integration, but the metadata declares no primary credential or required environment variables.
`--auth-token` (default `market-auth-token`)
`--provider-env` (default `OPENAI_API_KEY`)
`--api-key` (optional direct key)
Prefer scoped/test credentials, avoid putting real API keys directly on the command line, and override the default gateway auth token for non-local use.
If configured to use an untrusted OpenClaw binary or runtime path, the local command could execute with the user's privileges.
Static scan evidence shows the CLI can spawn a local command, likely for the optional OpenClaw decision engine. This is consistent with the stated purpose but depends on the trustworthiness of the invoked runtime.
`const child = spawn(runtime.command, args, {`
Use only a known, trusted OpenClaw executable and review any environment variable or path used to select it.
Negotiation details, agent identifiers, and auth tokens may be sent to the configured gateway.
The skill exchanges agent registration, pulls, and responses with an ACP gateway. The default is localhost, but users can point it at another gateway.
`--gateway` (default `http://127.0.0.1:3085`)
Keep the default localhost gateway for testing or use only trusted gateway URLs; avoid sending real negotiation data to untrusted endpoints.
The skill may keep responding to gateway turns until the terminal process is stopped or a poll limit/session stop condition is set.
The documented default behavior can keep polling indefinitely while the process is running. This is disclosed and user-started, not hidden persistence.
`--max-polls` (`0` means infinite)
Set a finite `--max-polls` value or use `--stop-on-session-end` when you want bounded operation.
