a2a-Market-ACP-Lite-Negotiation
Pass. Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: a2a-market-acp-lite-negotiation
Version: 0.2.8
The skill bundle provides a CLI tool for automated Agent-to-Agent (A2A) price negotiations. It supports rule-based logic or LLM-driven decisions by spawning the 'openclaw' binary (src/cli/index.js) and communicating with a negotiation gateway via HTTP. While the script handles sensitive API keys and executes local commands, these behaviors are documented and necessary for its stated purpose; no evidence of data exfiltration, malicious prompt injection, or intentional backdoors was found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may send offers, counters, accepts, or rejects into a negotiation session on the configured gateway.
The skill is designed to register with a gateway, poll for work, and post negotiation responses. This is purpose-aligned, but it mutates gateway/session state.
Flow:
1. `POST /agents/register`
2. Loop `GET /agents/pull`
3. `POST /agents/respond`
Use it only with a trusted gateway and verify role, agent ID, session settings, and monetary limits before starting.
A model API key may incur provider usage, and a gateway token may authorize negotiation actions.
The skill can use a gateway auth token and optional model-provider API key. This is expected for the integration, but the metadata declares no primary credential or required environment variables.
- `--auth-token` (default `market-auth-token`)
- `--provider-env` (default `OPENAI_API_KEY`)
- `--api-key` (optional direct key)
Prefer scoped/test credentials, avoid putting real API keys directly on the command line, and override the default gateway auth token for non-local use.
If configured to use an untrusted OpenClaw binary or runtime path, the local command could execute with the user's privileges.
Static scan evidence shows the CLI can spawn a local command, likely for the optional OpenClaw decision engine. This is consistent with the stated purpose but depends on the trustworthiness of the invoked runtime.
`const child = spawn(runtime.command, args, {`
Use only a known, trusted OpenClaw executable and review any environment variable or path used to select it.
Negotiation details, agent identifiers, and auth tokens may be sent to the configured gateway.
The skill exchanges agent registration, pulls, and responses with an ACP gateway. The default is localhost, but users can point it at another gateway.
- `--gateway` (default `http://127.0.0.1:3085`)
Keep the default localhost gateway for testing or use only trusted gateway URLs; avoid sending real negotiation data to untrusted endpoints.
The skill may keep responding to gateway turns until the terminal process is stopped or a poll limit/session stop condition is set.
The documented default behavior can keep polling indefinitely while the process is running. This is disclosed and user-started, not hidden persistence.
- `--max-polls` (`0` means infinite)
Set a finite `--max-polls` value or use `--stop-on-session-end` when you want bounded operation.
