ClawHub

A2a Protocol

v1.0.1

Agent2Agent (A2A) Protocol implementation - communicate with other AI agents

0· 779·4 current·4 all-time
byIvan Cetta@nantes
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The code (a2a_client.py) implements agent discovery, messaging, tasks and registry interaction over HTTP which matches the skill's stated purpose. Minor mismatch: SKILL.md examples call a PowerShell script (a2a.ps1) that is not included; the shipped implementation is a Python CLI. Metadata references a homepage but source is unknown.
Instruction Scope
Runtime instructions only perform network operations against an A2A registry (default http://localhost:8000). The SKILL.md does not instruct reading of local files, environment secrets, or unrelated system paths. Documentation mentions SSE/streaming and sseclient-py, but the provided Python client does not implement SSE handling.
Install Mechanism
There is no install spec; SKILL.md suggests installing Python packages (requests, sseclient-py). This is a normal, low-risk instruction-only install pattern. The packages referenced are standard public packages; however sseclient-py is suggested but not used in included code.
Credentials
The skill requests no environment variables and only optionally accepts an API key at runtime (used to set a Bearer Authorization header). That is proportionate to a network client; no unrelated credentials or config paths are requested.
Persistence & Privilege
The skill does not request persistent presence (always:false) and does not modify other skills or system settings. It runs as an ordinary client library/CLI.
Assessment
This skill's code matches its stated purpose (an HTTP client for an A2A registry) but the docs contain small inconsistencies: examples reference a missing PowerShell script and mention SSE support that the provided Python file does not implement. Before installing or using it: 1) Inspect the a2a_client.py file locally (you already have it) and confirm it behaves as expected. 2) Be cautious about the registry URL you point it at (default is localhost); pointing it at an untrusted remote registry can expose the agent to arbitrary tasks and data exchange. 3) Do not supply sensitive long-lived credentials unless you trust the remote agent network; the api_key is sent as a Bearer token. 4) If you need SSE or PowerShell tooling, request the missing artifacts or use a vetted implementation. If anything feels off, run the client in a sandboxed environment or ask the publisher for source/origin and a signed release.

Like a lobster shell, security has layers — review code before you run it.

a2avk974m2mw542f6tj7279ygjfwwh81m24sagentvk974m2mw542f6tj7279ygjfwwh81m24scommunicationvk974m2mw542f6tj7279ygjfwwh81m24slatestvk973kxxtk2dgkbv634nqkkbtth81msfc

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🤝 Clawdis
Binspython

Comments