ACE Copilot — 实用工具
v1.0.0技能 when working 使用 IBM App Connect Enterprise (ACE) 12.0, including message flow development, ESQL scripting, BAR 文件 部署, 集成...
1· 130·0 当前·0 累计
by 安全扫描
OpenClaw
安全
high confidenceThe skill is an instruction-only IBM ACE (App Connect Enterprise) reference/coprocessor whose files and runtime instructions align with its stated purpose; nothing in the bundle asks for unrelated credentials or installs arbitrary code — but the skill's trigger language is broad and its troubleshooting guidance includes actions (enabling traces, reading logs) that capture sensitive message data, so users should be cautious about when it runs and what credentials they allow it to use.
评估建议
This skill appears to be what it says: an IBM ACE reference and runtime instruction pack. Before installing, consider these points: (1) the skill's trigger text ('When in doubt, trigger this skill') is broad — if you don't want it to activate for marginal prompts, restrict the trigger or require explicit user confirmation; (2) many troubleshooting commands (enable user/service trace, mqsireadlog, docker exec, reading /etc/odbc.ini) can expose full message payloads and sensitive data (payment det...详细分析 ▾
✓ 用途与能力
Name, description, and included files (architecture, CLI, deployment, ESQL, troubleshooting) are coherent for an IBM ACE copilot. All referenced commands, paths, and workflows are consistent with ACE administration, development, and deployment tasks.
ℹ 指令范围
SKILL.md and reference files instruct the agent to run ACE CLI commands, enable user/service traces, read logs, access local REST admin (http://localhost:7600), inspect files (e.g., /etc/odbc.ini, /var/mqsi/log), and use docker exec. Those actions are expected for ACE troubleshooting but may expose message payloads and sensitive data (payment/PII) when traces/logs are captured. The skill's trigger rule 'When in doubt, trigger this skill' is vague and grants broad activation discretion — consider requiring explicit user consent before running diagnostic commands or enabling traces.
✓ 安装机制
Instruction-only skill with no install spec and no code files. No downloads or extracted archives — lowest-risk install posture.
ℹ 凭证需求
The skill declares no required environment variables or credentials, which matches the bundle. Reference content shows commands that will require local ACE environment (sourcing mqsiprofile) and typical service credentials (MQ, DB) if executed. This is proportionate to ACE operations; however, troubleshooting steps may prompt collection/exposure of sensitive runtime data and may require credentials that are not explicitly requested by the skill. There are no unexplained requests for unrelated secrets (e.g., cloud provider keys).
✓ 持久化与权限
always:false (not force-included) and normal autonomous invocation allowed. The skill does not request persistent installation or modify other skills. Because it can be invoked autonomously by the agent, consider combining this with the 'note' about broad triggers: limit autonomous runs or require confirmation for high-impact commands (trace capture, docker exec).
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
安装命令
点击复制官方npx clawhub@latest install ace-copilot
镜像加速npx clawhub@latest install ace-copilot --registry https://cn.longxiaskill.com 镜像可用