moltflow-a2a

Enables secure communication between AI agents using the MoltFlow A2A protocol, supporting messaging, group management, and content policies.

Install this skill

or

19/100

Security score

The moltflow-a2a skill was audited on May 27, 2026 and we found 33 security issues across 2 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 383

Curl to non-GitHub URL

SourceSKILL.md

383	curl https://apiv2.waiflow.app/.well-known/agent.json

medium line 390

Curl to non-GitHub URL

SourceSKILL.md

390	curl -X POST https://apiv2.waiflow.app/api/v2/a2a/{tenant_id}/{session_id}/{webhook_id} \

medium line 408

Curl to non-GitHub URL

SourceSKILL.md

408	curl -X POST https://apiv2.waiflow.app/api/v2/a2a-policy/rules \

medium line 422

Curl to non-GitHub URL

SourceSKILL.md

422	curl -X POST https://apiv2.waiflow.app/api/v2/a2a-policy/test \

medium line 29

Webhook reference - potential data exfiltration

SourceSKILL.md

29	- "Set up webhook via A2A" or "manage agent webhooks"

low line 87

Webhook reference - potential data exfiltration

SourceSKILL.md

87	"webhooks": true

low line 95

Webhook reference - potential data exfiltration

SourceSKILL.md

95	"webhook_manager"

medium line 134

Webhook reference - potential data exfiltration

SourceSKILL.md

134	The core A2A endpoint accepts JSON-RPC 2.0 requests. All agent-to-agent operations go through this single endpoint. Use the fully scoped URL from your webhook configuration.

medium line 138

Webhook reference - potential data exfiltration

SourceSKILL.md

138	\| POST \| `/a2a/{tenant_id}/{session_id}/{webhook_id}` \| Fully scoped endpoint (preferred) \|

medium line 174

Webhook reference - potential data exfiltration

SourceSKILL.md

174	\| `webhook_manager` \| Manage webhooks via A2A \|

medium line 247

Webhook reference - potential data exfiltration

SourceSKILL.md

247	### webhook_manager

medium line 249

Webhook reference - potential data exfiltration

SourceSKILL.md

249	Manage webhooks via A2A. Actions: `create`, `list`, `update`, `delete`

low line 252

Webhook reference - potential data exfiltration

SourceSKILL.md

252	{"jsonrpc":"2.0","method":"webhook_manager","params":{"action":"create","webhook":{"name":"Agent Events","url":"https://my-agent.com/events","events":["message.received"]}},"id":6}

medium line 372

Webhook reference - potential data exfiltration

SourceSKILL.md

372	\| `webhook_manager` \| 20/min \|

low line 389

Webhook reference - potential data exfiltration

SourceSKILL.md

389	# Use your scoped endpoint: /a2a/{tenant_id}/{session_id}/{webhook_id}

low line 390

Webhook reference - potential data exfiltration

SourceSKILL.md

390	curl -X POST https://apiv2.waiflow.app/api/v2/a2a/{tenant_id}/{session_id}/{webhook_id} \

medium line 448

Webhook reference - potential data exfiltration

SourceSKILL.md

448	- moltflow -- Core API: sessions, messaging, groups, labels, webhooks

low line 14

External URL reference

SourceSKILL.md

14	> *Due to high demand and a recent registration issue, we're offering our top-tier Business plan with unlimited quotas for just $19.90/month on yearly billing — for a limited time only.* [**Claim

low line 15

External URL reference

SourceSKILL.md

15	> Free tier available. [Sign up](https://molt.waiflow.app/checkout?plan=free)

low line 33

External URL reference

SourceSKILL.md

33	1. MOLTFLOW_API_KEY -- Generate from the [MoltFlow Dashboard](https://molt.waiflow.app) under Settings > API Keys

low line 34

External URL reference

SourceSKILL.md

34	2. Base URL: `https://apiv2.waiflow.app/api/v2`

low line 35

External URL reference

SourceSKILL.md

35	3. Agent discovery endpoint: `https://apiv2.waiflow.app/.well-known/agent.json`

low line 40

External URL reference

SourceSKILL.md

40	MoltFlow is registered as [Agent #25477](https://8004agents.ai/ethereum/agent/25477) on Ethereum mainnet via ERC-8004.

low line 41

External URL reference

SourceSKILL.md

41	Agent card: `https://molt.waiflow.app/.well-known/erc8004-agent.json`

low line 75

External URL reference

SourceSKILL.md

75	GET `https://apiv2.waiflow.app/.well-known/agent.json`

low line 81

External URL reference

SourceSKILL.md

81	"url": "https://apiv2.waiflow.app",

low line 252

External URL reference

SourceSKILL.md

252	{"jsonrpc":"2.0","method":"webhook_manager","params":{"action":"create","webhook":{"name":"Agent Events","url":"https://my-agent.com/events","events":["message.received"]}},"id":6}

low line 349

External URL reference

SourceSKILL.md

349	{"content": "Check out https://example.com for more info"}

low line 383

External URL reference

SourceSKILL.md

383	curl https://apiv2.waiflow.app/.well-known/agent.json

low line 390

External URL reference

SourceSKILL.md

390	curl -X POST https://apiv2.waiflow.app/api/v2/a2a/{tenant_id}/{session_id}/{webhook_id} \

low line 408

External URL reference

SourceSKILL.md

408	curl -X POST https://apiv2.waiflow.app/api/v2/a2a-policy/rules \

low line 422

External URL reference

SourceSKILL.md

422	curl -X POST https://apiv2.waiflow.app/api/v2/a2a-policy/test \

low line 426

External URL reference

SourceSKILL.md

426	"content": "Visit https://example.com for details"

Scanned on May 27, 2026

View Security Dashboard

Installation guide →

GitHub Stars 2.0K

Rate this skill

Categorysales

UpdatedJune 10, 2026

openclaw api customer-success-manager technical-support business-development whatsapp stripe sales support

LeoYeAI/openclaw-master-skills