Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
ACPX Agent Playbook
v1.0.0
Practical playbook for running agents through acpx in persistent sessions, especially when Claude, Codex, Pi, Gemini, OpenCode, or other ACP-compatible agent...
by Li Xin @spyfree
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name and description match the content: an operational playbook for running agents via acpx with persistent sessions, file generation, validation, and fallback shell/Python writes. The skill declares no binaries, env vars, or installs and none appear required for the described guidance.
Instruction Scope
SKILL.md gives concrete runtime instructions for creating sessions, switching modes, using prompt files, writing artifacts under /tmp, using shell heredocs or python CLI blocks, and validating outputs. These steps are consistent with the playbook's purpose. However the instructions explicitly tell operators/agents to inspect and (implicitly) modify acpx config at ~/.acpx/config.json to change permission settings; that is a system-level config path not declared in the skill metadata and is an action that can change host behavior, so it merits manual review before allowing an agent to follow it autonomously.
Install Mechanism
Instruction-only skill with no install spec and no code files. This is low-risk from an installation perspective — nothing will be downloaded or written by an installer step.
Credentials
The skill declares no environment variables or credentials (which aligns with being a playbook). The instructions do assume the presence of an acpx binary, a writable workspace (and /tmp), and the ability to create local Python virtual environments and run pip installs if needed. They also reference the user's acpx config file (~/.acpx/config.json). Because the metadata did not declare required config paths, callers should be aware the playbook expects access to those paths at runtime.
Persistence & Privilege
Metadata does not request always:true and defaults allow model invocation (normal). The playbook recommends setting acpx session mode to 'full-access' for the session — it clarifies this is not sudo/root. That session-level choice increases the agent's operational freedom during a session, so an operator should explicitly approve such sessions; the skill itself does not request persistent or system-wide privileges.
What to consider before installing
This playbook appears to be a legitimate operational guide for using acpx to run agents and produce deliverables, but it includes instructions that modify or rely on a user config (~/.acpx/config.json) and that recommend enabling 'full-access' session mode. Before using it or allowing an agent to execute these steps:
1) Back up ~/.acpx/config.json and any other acpx-related config;
2) Run the playbook manually once with a safe, low-privilege test (fixed-text and minimal file write) to confirm behavior;
3) Do not include sensitive credentials or secrets in prompt files;
4) Restrict or manually approve any agent session you set to 'full-access' and prefer a verified delivery agent (the playbook itself recommends smoke tests);
5) If you cannot or will not allow changes to ~/.acpx/config.json, edit the playbook to remove/annotate those steps.
These precautions reduce the risk that a session or prompt accidentally changes system behavior or exfiltrates sensitive data.
Like a lobster shell, security has layers — review code before you run it.
