ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Acp Remote

v1.0.0

Connect to remote ACP server and execute commands via imclaw-cli.

0· 67·0 current·0 all-time
by@smallnest
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name and description (connect to remote ACP server and execute commands via imclaw-cli) align with everything in SKILL.md: required binaries are imclaw-cli and acpx, usage examples and flags match the stated purpose.
Instruction Scope
Instructions stay within the feature boundary (install tools, configure server URL/token, run imclaw-cli). However the docs explicitly recommend using --cwd (allowing remote operations on arbitrary local directories) and --approve-all (auto-approving permission requests). Those are expected for a remote-execution client but significantly broaden what a remote agent can do if used carelessly.
!
Install Mechanism
The SKILL.md advises auto-installation that pipes a script from raw.githubusercontent.com into bash (curl ... | bash). Even though the host is GitHub, piping remote scripts to a shell is a high-risk practice. Manual install via GitHub releases is safer but the provided auto-install pattern is still present and could be executed by less-knowledgeable users or agents.
Credentials
No unexpected credentials or unrelated environment variables are required. The document references IMCLAW_SERVER and IMCLAW_TOKEN for legitimate configuration; requesting an auth token for a remote server is proportional to the skill's purpose.
Persistence & Privilege
The skill is instruction-only, always:false, and not requesting persistent platform privileges. Still, combining agent autonomous invocation (platform default) with use of --approve-all and letting the remote agent operate in an arbitrary --cwd increases operational risk; this is a behavioral/operational concern rather than an incoherence in the skill itself.
What to consider before installing
This skill appears to do what it says, but take precautions before use: 1) Avoid running the suggested auto-install command that pipes a script from raw.githubusercontent.com into bash—inspect the script first or use the manual GitHub release installation. 2) Do not use --approve-all unless you fully trust the remote ACP server and its agents; prefer finer-grained approvals. 3) Be careful with --cwd and storing IMCLAW_TOKEN in shared shells—these enable remote agents to read/write local files and use your token. 4) If you must try it, run it in an isolated environment (container or VM), inspect downloaded binaries/scripts, and limit network access and credentials accessible to the environment.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bpmrhr29qkjp0fw4nrbaavn83y96p

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🤖 Clawdis
Binsimclaw-cli, acpx

Comments