ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Claude Code Connector

通过 ACP 桥接调用 Claude Code。 **触发词:** "调用 Claude"、"让 Claude 处理"、"claude code" **使用方式:** ``` 调用 Claude Code 分析这个文件

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 48 · 1 current installs · 1 all-time installs
by@partigle
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The declared purpose (bridge to Claude Code) matches the instruction to call an ACP bridge script, so the capability aligns in concept. However, the skill assumes the presence of a specific user-local script that is not part of the package and not documented, which is an unexpected external dependency for an instruction-only skill.
!
Instruction Scope
The SKILL.md directs the agent to execute a specific absolute path on the user's machine. While the instruction does not explicitly tell the agent to read other files, executing an arbitrary local script can perform any actions (read files, network calls, exfiltrate data). The instructions provide no limits, verification steps, or description of what the script does.
Install Mechanism
No install spec (instruction-only), which reduces disk footprint from the skill itself. But relying on an external local script (not installed or bundled) is unusual and shifts trust to an out-of-band file; this is not inherently dangerous but is opaque.
!
Credentials
The skill declares no required environment variables or credentials, yet invoking an arbitrary local bridge script could access credentials or secrets on the host. Because the script is external and not audited, the skill's declared environment requirements understate what the executed code may access.
Persistence & Privilege
The skill does not request always:true and is user-invocable only. It does not claim to modify other skills or system-wide agent settings.
What to consider before installing
This skill runs a specific local script path that is not provided with the skill. Only enable it if you trust and have inspected /Users/mac/.openclaw/workspace/scripts/acp-bridge-claude.sh (open it and review its contents). Prefer skills that either bundle or link to a known implementation or clearly document what network endpoints and file access are used. If you need to test, run the script in a sandbox/container or request the script source from the author. If you cannot review the script, treat the skill as risky because it can execute arbitrary code and access local data or credentials.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk971m460z9sr6jkehgqnfxj2jd83nrd7

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Call Claude Code via ACP

工具定义

{
  "name": "call_claude_code",
  "description": "Call Claude Code via ACP bridge",
  "inputSchema": {
    "type": "object",
    "properties": {
      "prompt": {
        "type": "string",
        "description": "The prompt to send to Claude Code"
      }
    },
    "required": ["prompt"]
  }
}

执行逻辑

/Users/mac/.openclaw/workspace/scripts/acp-bridge-claude.sh

示例

输入:

{
  "prompt": "分析当前目录的项目结构"
}

输出:

Claude Code 的分析结果...

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…