ACE Copilot
v1.0.0Use this skill when working with IBM App Connect Enterprise (ACE) 12.0, including message flow development, ESQL scripting, BAR file deployment, integration...
⭐ 1· 76·0 current·0 all-time
byShoaib Khan@shoaibkhan
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name, description, and included files (architecture, CLI, deployment, ESQL, troubleshooting) are coherent for an IBM ACE copilot. All referenced commands, paths, and workflows are consistent with ACE administration, development, and deployment tasks.
Instruction Scope
SKILL.md and reference files instruct the agent to run ACE CLI commands, enable user/service traces, read logs, access local REST admin (http://localhost:7600), inspect files (e.g., /etc/odbc.ini, /var/mqsi/log), and use docker exec. Those actions are expected for ACE troubleshooting but may expose message payloads and sensitive data (payment/PII) when traces/logs are captured. The skill's trigger rule 'When in doubt, trigger this skill' is vague and grants broad activation discretion — consider requiring explicit user consent before running diagnostic commands or enabling traces.
Install Mechanism
Instruction-only skill with no install spec and no code files. No downloads or extracted archives — lowest-risk install posture.
Credentials
The skill declares no required environment variables or credentials, which matches the bundle. Reference content shows commands that will require local ACE environment (sourcing mqsiprofile) and typical service credentials (MQ, DB) if executed. This is proportionate to ACE operations; however, troubleshooting steps may prompt collection/exposure of sensitive runtime data and may require credentials that are not explicitly requested by the skill. There are no unexplained requests for unrelated secrets (e.g., cloud provider keys).
Persistence & Privilege
always:false (not force-included) and normal autonomous invocation allowed. The skill does not request persistent installation or modify other skills. Because it can be invoked autonomously by the agent, consider combining this with the 'note' about broad triggers: limit autonomous runs or require confirmation for high-impact commands (trace capture, docker exec).
Scan Findings in Context
[no_findings] expected: Regex scanner found nothing to analyze because this is an instruction-only skill with no code files. The absence of findings is expected but not proof of safety; the SKILL.md is the primary surface to review.
Assessment
This skill appears to be what it says: an IBM ACE reference and runtime instruction pack. Before installing, consider these points: (1) the skill's trigger text ('When in doubt, trigger this skill') is broad — if you don't want it to activate for marginal prompts, restrict the trigger or require explicit user confirmation; (2) many troubleshooting commands (enable user/service trace, mqsireadlog, docker exec, reading /etc/odbc.ini) can expose full message payloads and sensitive data (payment details, PII). Make sure the agent will not run these commands or transmit captured traces without human approval; (3) the skill doesn't request credentials but will need MQ/DB/REST/admin credentials to perform actions — never paste credentials into chat; provide them to the agent only under controlled, auditable mechanisms; (4) if you require stricter control, disable autonomous invocation for this skill or configure a policy that requires user consent before running any command that captures logs, enables traces, or performs deployments. If you want, I can suggest specific guard rails (confirmation prompts, least-privilege credential handlers, or edits to the SKILL.md to limit triggers).Like a lobster shell, security has layers — review code before you run it.
latestvk97e499ksr8y3qtqqsve7r3g5983jcnw
License
MIT-0
Free to use, modify, and redistribute. No attribution required.