Skill v1.0.0
ClawScan security
Acp Router · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review · Mar 5, 2026, 10:40 AM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's purpose (routing ACP/harness requests) matches its instructions, but the runtime instructions ask the agent to modify local files, install npm packages, and restart a gateway while the metadata declares no required binaries/config — this mismatch and system-impacting guidance is concerning.
- Guidance: This skill appears to do what it claims (route harness work), but its instructions let an agent install npm packages, run local acpx binaries, write into ./extensions/acpx, and restart the gateway — none of which are declared in the manifest. Before installing, consider: (1) require explicit user confirmation before the agent runs any npm install or restart actions; (2) verify the pinned acpx version and inspect the extension's package.json and npm package contents in a sandbox; (3) restrict autonomous invocation or only allow the skill when you trust the environment; (4) if possible, run these operations manually yourself rather than letting the agent perform them. If you need this skill, ask the developer to update the manifest to declare required binaries/config paths and to reduce automatic repair actions.
Review Dimensions
- Purpose & Capability (note): The skill legitimately routes requests to ACP harnesses and documents two appropriate paths (OpenClaw sessions_spawn or direct acpx). That capability matches the name/description. However, the manifest declares no required binaries or config paths even though the instructions rely on a local acpx binary and an extensions/acpx package.json; this omission is an inconsistency.
- Instruction Scope (concern): SKILL.md tells the agent to read local files (./extensions/acpx/package.json), verify and run a locally pinned binary, run exec commands, perform npm installs, and 'restart the gateway' as part of repair. Those are system-level operations and file writes beyond simple routing; the skill text grants the agent broad discretion to change local state without any declared constraints.
- Install Mechanism (concern): There is no formal install spec, but the instructions explicitly direct performing npm installs (plugin-local acpx@<pinnedVersion>) and running binaries from node_modules/.bin. Relying on the agent to download and install packages from npm is a moderate-to-high risk action that the manifest does not reflect.
- Credentials (note): The skill requests no credentials or environment variables in metadata (good), but the runtime instructions assume an ACPX_CMD variable and specific local paths. The absence of declared required env vars/config paths is an inconsistency: the skill expects filesystem and command artifacts without declaring them.
- Persistence & Privilege (concern): Instructions include installing files into extensions/acpx, potentially changing plugin artifacts, and restarting the gateway — actions that persist on disk and may affect system behavior. Although always:false and not attempting to modify other skills, this level of persistent modification is significant and should require explicit user consent or tighter constraints.
