A2WF — Agent-to-Web Framework
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill is purpose-aligned and its bundled scripts look limited, but it can fetch websites, run local Node scripts, and its audit documentation overstates what the validator actually checks.
Install if you are comfortable letting the agent fetch siteai.json files and run the bundled Node validator/generator. Do not treat the advertised audit as proof of live-site discovery or content-type compliance unless those checks are performed separately.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A website's siteai.json policy may affect what the agent will do on that site.
The skill deliberately makes a website-supplied policy influence the agent's later browsing or action choices. This is purpose-aligned governance behavior, but users should understand that it may cause the agent to refuse or alter actions based on that policy.
When browsing a website, check for `siteai.json` at the domain root before taking actions. Respect the declared permissions
Use this skill when you want agents to honor A2WF policies, and review any refusals or behavior changes if they conflict with your task.
The agent may fetch remote website policy files and execute local Node commands for validation or generation.
The skill requests web_fetch and exec so the agent can download siteai.json files and run the bundled Node scripts. This is disclosed and aligned with the stated purpose, but it is still meaningful tool authority.
metadata: {"openclaw":{"emoji":"🛡️","homepage":"https://a2wf.org","requires":{"tools":["web_fetch","exec"]}}}
Only invoke it for siteai.json/A2WF work, and review file paths or command parameters before running commands that write output.
A user could think a live website compliance audit was performed when the included validator mainly audits a local JSON document.
SKILL.md presents the audit command as performing live website discovery and content-type checks, but the bundled validator source states it is local-only and reads a local file. Users should not over-rely on the audit score for checks the script does not implement.
node {baseDir}/scripts/validate.mjs https://example.com --audit ... Performs: - Discovery check: Does `/siteai.json` exist? Correct content-type?
Treat the audit output as local policy analysis unless you separately fetch the file and verify live-site details such as location and content type.
