A2A Chatting
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Messages may carry user information or task requests to other agents, and a receiving agent could over-trust a self-declared sender label.
The skill deliberately sends messages between agents, and sender identity is represented inside message text; this is purpose-aligned but should not be treated as a verified identity boundary by itself.
[From: <name>] [fromAgentId: <agentId>] [reply-to: <sourceSession>] <message>
Use this only with agents you trust, avoid sending sensitive information unless intended, and verify important instructions through authenticated or user-confirmed channels.
Past messages or assumptions from another agent may influence future conversations in reused sessions.
The skill explicitly relies on persistent agent session context, which is useful for chat continuity but can also carry old or untrusted agent-provided context into later interactions.
Session Reuse: Reuse existing sessions for ongoing conversations — agents maintain context
Start fresh sessions for sensitive or unrelated tasks, and delete sessions when their context should no longer be reused.
The skill may fail or behave differently depending on the local openclaw and jq installations available on the machine.
The script depends on local openclaw and jq commands even though the registry requirements list no required binaries; this appears central to the skill, but the dependency metadata is incomplete.
session_id=$(openclaw agent --agent "$agent_id" -m "/new" --json 2>/dev/null | jq -r '.result.meta.agentMeta.sessionId' 2>/dev/null)
Confirm the expected OpenClaw CLI and jq are installed from trusted sources before using the skill.