acp-router
Routes plain-language requests for various coding agents into OpenClaw ACP runtime sessions or direct acpx-driven sessions.
Install this skill
Security score
The acp-router skill was audited on Jun 10, 2026 and we found 12 security issues across 2 threat categories, including 5 high-severity. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 108 | - verify `${ACPX_CMD} --version` |
Template literal with variable interpolation in command context
| 125 | - `${ACPX_PLUGIN_ROOT}/node_modules/.bin/acpx` |
Template literal with variable interpolation in command context
| 131 | - `${ACPX_PLUGIN_ROOT}/node_modules/.bin/acpx --version` |
Template literal with variable interpolation in command context
| 148 | 1. Use `exec` commands that call `${ACPX_CMD}`. |
Template literal with variable interpolation in command context
| 166 | ```bash |
Template literal with variable interpolation in command context
| 175 | ```bash |
Template literal with variable interpolation in command context
| 181 | ```bash |
Template literal with variable interpolation in command context
| 187 | ```bash |
Template literal with variable interpolation in command context
| 240 | - `NO_SESSION`: run `${ACPX_CMD} <agent> sessions new --name <sessionName>` then retry prompt. |
Access to hidden dotfiles in home directory
| 225 | If `~/.acpx/config.json` overrides `agents`, those overrides replace defaults. |
Access to hidden dotfiles in home directory
| 237 | - for thread-spawn ACP requests, first restore built-in defaults by removing broken `~/.acpx/config.json` agent overrides |
Access to .env file
| 127 | - `node -e "console.log(require(process.env.ACPX_PLUGIN_ROOT + '/package.json').dependencies.acpx)"` |