扫描报告
5 /100
acpx
Use acpx as a headless ACP CLI for agent-to-agent communication, including prompt/exec/sessions workflows, session scoping, queueing, permissions, and output formats.
This skill is a pure documentation file (SKILL.md) describing the `acpx` CLI tool for agent-to-agent communication. No implementation code, scripts, or malicious behavior is present.
可以安装
No action needed. This is a documentation-only skill. Ensure the external `acpx` npm package is sourced from a trusted registry.
安全发现 2 项
| 严重性 | 安全发现 | 位置 |
|---|---|---|
| 提示 | External npm package dependency 供应链 | SKILL.md:70 |
| 提示 | Permission mode flags documented 文档欺骗 | SKILL.md:159 |
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | NONE | — | No file operations in SKILL.md |
| 网络访问 | NONE | NONE | — | No network operations in SKILL.md |
| 命令执行 | NONE | NONE | — | No shell execution in SKILL.md |
| 环境变量 | NONE | NONE | — | No env access in SKILL.md |
| 技能调用 | NONE | NONE | — | No skill invocation in SKILL.md |
| 剪贴板 | NONE | NONE | — | No clipboard access in SKILL.md |
| 浏览器 | NONE | NONE | — | No browser access in SKILL.md |
| 数据库 | NONE | NONE | — | No database access in SKILL.md |
目录结构
1 文件 · 10.2 KB · 321 行 Markdown 1f · 321L
└─
SKILL.md
Markdown
依赖分析 3 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
acpx | * | npm | 否 | Not pinned in documentation |
@zed-industries/codex-acp | * | npx | 否 | Not pinned in documentation |
pi-acp | * | npx | 否 | Not pinned in documentation |
安全亮点
✓ No implementation code present - pure documentation
✓ No credential harvesting or exfiltration behavior
✓ No obfuscated code or base64 payloads
✓ No suspicious network connections documented
✓ No filesystem operations without user consent
✓ No reverse shell or C2 behavior
✓ No supply chain attack indicators within the skill itself
✓ Clear and accurate documentation of the tool's behavior