acp-router
Routes plain-language requests for various coding agents into OpenClaw ACP runtime sessions or direct acpx-driven sessions.
Install this skill
Security score
The acp-router skill was audited on May 12, 2026 and we found 12 security issues across 2 threat categories, including 5 high-severity. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 109 | - verify `${ACPX_CMD} --version` |
Template literal with variable interpolation in command context
| 126 | - `${ACPX_PLUGIN_ROOT}/node_modules/.bin/acpx` |
Template literal with variable interpolation in command context
| 132 | - `${ACPX_PLUGIN_ROOT}/node_modules/.bin/acpx --version` |
Template literal with variable interpolation in command context
| 149 | 1. Use `exec` commands that call `${ACPX_CMD}`. |
Template literal with variable interpolation in command context
| 167 | ```bash |
Template literal with variable interpolation in command context
| 176 | ```bash |
Template literal with variable interpolation in command context
| 182 | ```bash |
Template literal with variable interpolation in command context
| 188 | ```bash |
Template literal with variable interpolation in command context
| 243 | - `NO_SESSION`: run `${ACPX_CMD} <agent> sessions new --name <sessionName>` then retry prompt. |
Access to hidden dotfiles in home directory
| 228 | If `~/.acpx/config.json` overrides `agents`, those overrides replace defaults. |
Access to hidden dotfiles in home directory
| 240 | - for thread-spawn ACP requests, first restore built-in defaults by removing broken `~/.acpx/config.json` agent overrides |
Access to .env file
| 128 | - `node -e "console.log(require(process.env.ACPX_PLUGIN_ROOT + '/package.json').dependencies.acpx)"` |