acpx-team
v1.0.0
Multi-agent collaboration and task delegation via the Agent Client Protocol (ACP) using acpx. Form agent teams from Claude Code, Codex, OpenCode, Gemini, Cur...
by Wang Lei (@csuwl)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
The name/description (multi-agent orchestration via ACP) matches the SKILL.md: it documents using the acpx CLI to create sessions, fan out prompts, synthesize results, and manage agent roles/presets. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
Runtime instructions are explicit about running the acpx CLI, creating sessions, reading local files (e.g., src/auth.ts), writing temporary files under /tmp, and combining outputs. Those actions are consistent with code-review and multi-agent orchestration tasks; there are no instructions to exfiltrate secrets or call unexpected remote endpoints.
Install Mechanism
The skill is instruction-only (no install spec). It recommends installing acpx and agent CLIs via 'npm i -g', which is a normal distribution method. Note: global npm installs run arbitrary package code (postinstall scripts) and fetch from the public registry — this is a general operational risk but coherent with the skill's purpose.
Credentials
The skill declares no required environment variables or credentials. The SKILL.md does not request any secret or unrelated environment access beyond what the acpx CLI itself may require at runtime (not documented here).
Persistence & Privilege
The skill does not request always:true, does not alter other skills' configs, and is user-invocable only. Autonomous model invocation is allowed (platform default) but not combined with any unusual privileges.
Assessment
This skill appears to do what it says: orchestrate multiple agent CLIs via the acpx tool. Before installing or running it, consider:
1) The SKILL.md assumes you'll install npm packages (acpx and agent CLIs) — only install packages from sources you trust and inspect their npm package pages and maintainers; global npm installs can execute code during install.
2) The workflows read local source files (e.g., src/*) and write temporary files under /tmp — ensure you are comfortable with those CLIs accessing repository files and that no sensitive secrets or credentials are included in the data you send to external agents.
3) If you plan to run in sensitive or production environments, test inside an isolated environment (container/VM) first.
If you need more assurance, request the upstream package repository or checksums for acpx and the agent clients so you can audit them before installing.
Like a lobster shell, security has layers — review code before you run it.
