Skip to main content

moltflow-a2a

Enables secure communication between AI agents using the MoltFlow A2A protocol, supporting messaging, group management, and content policies.

Install this skill

or
19/100

Security score

The moltflow-a2a skill was audited on May 27, 2026 and we found 33 security issues across 2 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 383

Curl to non-GitHub URL

SourceSKILL.md
383curl https://apiv2.waiflow.app/.well-known/agent.json
medium line 390

Curl to non-GitHub URL

SourceSKILL.md
390curl -X POST https://apiv2.waiflow.app/api/v2/a2a/{tenant_id}/{session_id}/{webhook_id} \
medium line 408

Curl to non-GitHub URL

SourceSKILL.md
408curl -X POST https://apiv2.waiflow.app/api/v2/a2a-policy/rules \
medium line 422

Curl to non-GitHub URL

SourceSKILL.md
422curl -X POST https://apiv2.waiflow.app/api/v2/a2a-policy/test \
medium line 29

Webhook reference - potential data exfiltration

SourceSKILL.md
29- "Set up webhook via A2A" or "manage agent webhooks"
low line 87

Webhook reference - potential data exfiltration

SourceSKILL.md
87"webhooks": true
low line 95

Webhook reference - potential data exfiltration

SourceSKILL.md
95"webhook_manager"
medium line 134

Webhook reference - potential data exfiltration

SourceSKILL.md
134The core A2A endpoint accepts JSON-RPC 2.0 requests. All agent-to-agent operations go through this single endpoint. Use the fully scoped URL from your webhook configuration.
medium line 138

Webhook reference - potential data exfiltration

SourceSKILL.md
138| POST | `/a2a/{tenant_id}/{session_id}/{webhook_id}` | Fully scoped endpoint (preferred) |
medium line 174

Webhook reference - potential data exfiltration

SourceSKILL.md
174| `webhook_manager` | Manage webhooks via A2A |
medium line 247

Webhook reference - potential data exfiltration

SourceSKILL.md
247### webhook_manager
medium line 249

Webhook reference - potential data exfiltration

SourceSKILL.md
249Manage webhooks via A2A. Actions: `create`, `list`, `update`, `delete`
low line 252

Webhook reference - potential data exfiltration

SourceSKILL.md
252{"jsonrpc":"2.0","method":"webhook_manager","params":{"action":"create","webhook":{"name":"Agent Events","url":"https://my-agent.com/events","events":["message.received"]}},"id":6}
medium line 372

Webhook reference - potential data exfiltration

SourceSKILL.md
372| `webhook_manager` | 20/min |
low line 389

Webhook reference - potential data exfiltration

SourceSKILL.md
389# Use your scoped endpoint: /a2a/{tenant_id}/{session_id}/{webhook_id}
low line 390

Webhook reference - potential data exfiltration

SourceSKILL.md
390curl -X POST https://apiv2.waiflow.app/api/v2/a2a/{tenant_id}/{session_id}/{webhook_id} \
medium line 448

Webhook reference - potential data exfiltration

SourceSKILL.md
448- **moltflow** -- Core API: sessions, messaging, groups, labels, webhooks
low line 14

External URL reference

SourceSKILL.md
14> ***Due to high demand and a recent registration issue, we're offering our top-tier Business plan with unlimited quotas for just $19.90/month on yearly billing — for a limited time only.*** [**Claim
low line 15

External URL reference

SourceSKILL.md
15> Free tier available. [Sign up](https://molt.waiflow.app/checkout?plan=free)
low line 33

External URL reference

SourceSKILL.md
331. **MOLTFLOW_API_KEY** -- Generate from the [MoltFlow Dashboard](https://molt.waiflow.app) under Settings > API Keys
low line 34

External URL reference

SourceSKILL.md
342. Base URL: `https://apiv2.waiflow.app/api/v2`
low line 35

External URL reference

SourceSKILL.md
353. Agent discovery endpoint: `https://apiv2.waiflow.app/.well-known/agent.json`
low line 40

External URL reference

SourceSKILL.md
40MoltFlow is registered as [Agent #25477](https://8004agents.ai/ethereum/agent/25477) on Ethereum mainnet via ERC-8004.
low line 41

External URL reference

SourceSKILL.md
41Agent card: `https://molt.waiflow.app/.well-known/erc8004-agent.json`
low line 75

External URL reference

SourceSKILL.md
75**GET** `https://apiv2.waiflow.app/.well-known/agent.json`
low line 81

External URL reference

SourceSKILL.md
81"url": "https://apiv2.waiflow.app",
low line 252

External URL reference

SourceSKILL.md
252{"jsonrpc":"2.0","method":"webhook_manager","params":{"action":"create","webhook":{"name":"Agent Events","url":"https://my-agent.com/events","events":["message.received"]}},"id":6}
low line 349

External URL reference

SourceSKILL.md
349{"content": "Check out https://example.com for more info"}
low line 383

External URL reference

SourceSKILL.md
383curl https://apiv2.waiflow.app/.well-known/agent.json
low line 390

External URL reference

SourceSKILL.md
390curl -X POST https://apiv2.waiflow.app/api/v2/a2a/{tenant_id}/{session_id}/{webhook_id} \
low line 408

External URL reference

SourceSKILL.md
408curl -X POST https://apiv2.waiflow.app/api/v2/a2a-policy/rules \
low line 422

External URL reference

SourceSKILL.md
422curl -X POST https://apiv2.waiflow.app/api/v2/a2a-policy/test \
low line 426

External URL reference

SourceSKILL.md
426"content": "Visit https://example.com for details"
Scanned on May 27, 2026
View Security Dashboard
Installation guide →
GitHub Stars 2.0K
Rate this skill
Categorysales
UpdatedJune 10, 2026
openclawapicustomer-success-managertechnical-supportbusiness-developmentwhatsappstripesalessupport
LeoYeAI/openclaw-master-skills