Skill v0.1.4
ClawScan security
Acp · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 25, 2026, 2:09 AM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's requirements and instructions are internally consistent with installing and operating an ACP channel plugin, but it performs substantial local configuration and instructs downloading code from external repositories; review before running.
- Guidance: This skill is essentially a how-to for installing/configuring an ACP channel plugin and coherently asks the agent to modify OpenClaw config, create identity files, and clone+install a repo from GitHub/Gitee. Those actions will write persistent, sensitive files (seedPassword, keys, openclaw.json bindings) and run npm installs. Before proceeding: 1) verify and manually inspect the referenced repository (https://github.com/coderXjeff/openclaw-acp-channel) and its package.json; 2) back up ~/.openclaw/openclaw.json and related identity files; 3) decide whether you want allowFrom default ["*"] and set ownerAid appropriately; 4) consider performing the install in a sandbox or VM if you cannot audit the code; 5) only authorize modifications (bindings, device identity files, gateway restart) when you understand their consequences.
Review Dimensions
- Purpose & Capability (ok): Name/description (ACP channel plugin) align with requested binaries (git, node, npm, curl) and the SKILL.md content: installing a plugin, editing OpenClaw config, creating agent.md, and calling ACP endpoints are all coherent with the stated purpose.
- Instruction Scope (note): SKILL.md instructs the agent to read/write many local configuration files (~/.openclaw/openclaw.json, ~/.openclaw/identities/*.json, ~/.acp-storage/*), create agent.md files, mutate bindings, enable plugin entries, and restart the gateway. Those operations are expected for channel/plugin setup but are high-impact changes to local config and device identity files and should be explicitly authorized by the user before execution.
- Install Mechanism (note): The skill is instruction-only (no registry install spec) and tells the agent to git clone https://github.com/coderXjeff/openclaw-acp-channel (with Gitee fallback) and run npm install. Cloning from GitHub/Gitee is a common/traceable approach, but it will pull and install external code on disk and run package installs; verify the repository and its dependencies before running.
- Credentials (ok): No environment variables or external credentials are requested by the skill itself. The SKILL.md does cause local secrets to be generated/stored (seedPassword written into openclaw.json and private keys under ~/.acp-storage), which is proportional to the channel's function but sensitive; ensure those files are protected and that you trust the code that will consume them.
- Persistence & Privilege (note): always:false (not force-included). The skill's instructions cause persistent changes (cloning into ~/.openclaw/extensions/acp, writing openclaw.json, creating ~/.acp-storage entries, device identity modifications). This persistence is reasonable for a channel/plugin installer, but because it modifies global OpenClaw config and identity files, the user should confirm intent and back up configs prior to applying changes.
