Skillv0.1.0

ClawScan security

Acp Team · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 11, 2026, 9:00 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's README-like instructions describe a CLI npm package that manipulates local team/task files and spawns agents via acpx, but the registry metadata omits the install/credential requirements the instructions imply and the install trust model (npm global package) is not represented—this mismatch deserves caution.
Guidance: This skill is an instruction-only description of an npm-based CLI that manages local task/inbox files and orchestrates agents through acpx. Before installing or using it: 1) verify the npm package (acp-team) and its publisher—review the package source code or GitHub repo and confirm it matches the SKILL.md; 2) be aware npm -g installs execute third-party code and may require elevated privileges—prefer inspecting the package or using a local/non-global install or a sandbox; 3) acpx likely needs model-provider credentials (e.g., Anthropic/OpenAI) even though the skill metadata doesn't declare them—check acpx docs and only provide credentials you trust; 4) understand that 'msg inbox' can drain (delete) messages and the tool will create/modify .team/ .tasks files in your project; and 5) run the CLI in an isolated project or container if you want to limit blast radius. The primary issue is the mismatch between what the README says you must install/use and the registry metadata (no declared binaries/credentials/install spec).

Review Dimensions

Purpose & Capability: noteThe skill's name and description claim a team coordination layer for multi-agent workflows and the SKILL.md describes exactly that (taskboard, inbox, lease system, spawning agents via acpx). This purpose is consistent with the commands and file layout described. However, the skill instructions require installing an npm package and the acpx tool, but the registry metadata lists no required binaries or install steps—an omission that is inconsistent and worth noting.
Instruction Scope: okSKILL.md contains concrete CLI usage and describes local filesystem paths (.team/, .tasks/) and message inbox semantics (including 'drain' behavior). It does not instruct reading unrelated system files or exfiltrating data. The only scope concern is that 'msg inbox' is documented to drain messages (deleting local data) which is expected behavior but should be understood by users.
Install Mechanism: noteThere is no install spec in the registry (instruction-only), but SKILL.md tells users to run 'npm install -g acp-team' and to install 'acpx'. Installing a global npm package is a common but moderately risky install mechanism because it runs third-party code on the host. The registry not declaring this install step is an inconsistency and increases the burden on the user to verify the package origin and contents before installing globally.
Credentials: noteThe skill declares no required environment variables or credentials. The SKILL.md does not explicitly request provider API keys, but it references 'acpx sessions' and spawning agents (example uses '-a claude'), which implies integration with model providers or external services that likely require credentials handled by acpx. The lack of declared credential requirements in the metadata is an omission that could surprise users at runtime.
Persistence & Privilege: okThe skill is not always-enabled and does not request elevated platform privileges. As an instruction-only skill it does not persist configuration in the registry, but the CLI it documents will create/modify local directories (.team, .tasks) within the project. That file-system persistence is expected for this functionality and is confined to the project directory as described.