← Back to Skills Marketplace
🔍
Acp Harness Delegation
by
Kevin Stone
· GitHub ↗
· v1.0.0
· MIT-0
78
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install acp-harness-delegation
Description
通过 ACP runtime 委托 acpx-enabled harness(Claude Code / Codex 等)的标准协议。触发词:调用 Claude Code、通过 acp 调用、通过 acpx 调用、delegation to claude/codex、Coordinator 调用 Executor。
README (SKILL.md)
Acpx Harness Delegation
通过 ACP runtime 委托 acpx-enabled harness(Claude Code / Codex 等)的标准协议。
触发条件(满足其一)
- "调用 Claude Code"
- "通过 acp 调用"
- "通过 acpx 调用"
- "delegation to claude"
- "delegation to codex"
- "Coordinator 调用 Executor"
- "spawn acpx harness"
- "用 acp 调用外部 agent"
- "通过 ACP 委托 harness"
核心调用方式
✅ 标准 sessions_spawn(结果自动推回父 channel)
sessions_spawn({
runtime: "acp",
agentId: "claude", // 或 codex / pi / opencode / gemini / kimi
mode: "session", // 关键:持久 session,不是 run
thread: true, // 关键:结果通过 parent channel 推送回来
label: "executor", // 固定 label,复用 session
task: "任务描述"
})
效果:结果直接出现在 Coordinator 的聊天里,不需要跨 session 查。
❌ 错误方式(不要用)
// 错误1:mode="run" 是 fire-and-forget,无法获取返回结果
sessions_spawn({ runtime: "acp", agentId: "claude", mode: "run", task: "..." })
// 错误2:sessions_send 跨 session 访问会被 visibility 限制
sessions_send({ sessionKey: "agent:claude:acp:...", message: "..." })
// → 报错:forbidden / Session visibility restricted
// 错误3:visibility=all 有安全风险,不推荐
// → CVE-2026-27004 相关风险
调用前必须满足的 3 个前提
1️⃣ 认证:ANTHROPIC_API_KEY 必须存在
acpx 调用 Claude adapter 时,runtime 会广告 authMethods,如果找不到凭据则报错 RUNTIME: Authentication required。
检查方式:
echo $ANTHROPIC_API_KEY
配置方式(二选一):
方式 A:环境变量(推荐用于测试)
export ANTHROPIC_API_KEY=sk-...
# 然后调用
方式 B:acpx 配置文件(推荐用于生产)
在 ~/.acpx/config.json 添加:
{
"authCredentials": {
"ANTHROPIC_API_KEY": "sk-你的key"
}
}
注意:
authPolicy: "skip"只能跳过认证检查,不能替代凭据。如果 Claude adapter 要求 API key 而找不到,会直接失败。
2️⃣ acpx 全局权限配置
~/.acpx/config.json 必须包含:
{
"defaultPermissions": "approve-all",
"nonInteractivePermissions": "deny",
"authPolicy": "skip"
}
这个配置让 acpx 在自动化环境下自动批准所有操作,不弹确认框。
3️⃣ Session 可用性验证(可选但推荐)
如果之前调用过同一个 label,可能需要先验证 session 是否健康:
acpx sessions list
如果看到某个 session 显示 needs reconnect,先修复:
acpx sessions ensure \x3Csession-name>
# 或重建
acpx sessions new claude
完整调用流程(推荐写入你的 Coordinator Agent prompt)
当需要调用 Claude Code 执行任务时:
1. 前置检查:确认 ANTHROPIC_API_KEY 环境变量存在
(如果不存在,回复:"请先配置 ANTHROPIC_API_KEY 环境变量")
2. 调用 spawn:
sessions_spawn(
runtime="acp",
agentId="claude",
mode="session",
thread=true,
label="executor",
task="具体任务描述"
)
3. 等待结果:结果会通过 thread 自动推送回当前 channel
不要使用 sessions_send 去跨 session 查结果
4. 如果结果未返回,检查:
- acpx sessions list → 是否有 needs reconnect
- echo $ANTHROPIC_API_KEY → API key 是否有效
已知问题记录
🔍 unknown option '--cwd' 排查
已验证: OpenClaw acpx runtime.ts(2026.3.13)构造命令时 --cwd 是放在 agent 之前的,顺序正确:
acpx --format json --json-strict --cwd /path claude prompt --session ...
如果仍看到这个错误: 说明调用方不是 OpenClaw runtime,而是外部脚本直接调用 acpx claude --cwd /path。检查那个脚本,把 --cwd 移到 claude 之前:
✅ acpx --cwd /path claude "prompt"
❌ acpx claude --cwd /path "prompt"
错误处理对照表
| 错误信息 | 根因 | 解决方法 |
|---|---|---|
unknown option '--cwd' |
OpenClaw acpx runtime bug,参数构造顺序错误 | 等待 OpenClaw 修复;当前可在 agent config 里 workaround |
agent needs reconnect |
acpx session 记录在但进程断了 | acpx sessions ensure \x3Cname> 或 sessions new |
RUNTIME: Resource not found |
session id 失效 | 不要复用旧 id,用新的 spawn |
RUNTIME: Authentication required |
找不到 API key | 配 ANTHROPIC_API_KEY 环境变量或 authCredentials |
forbidden / Session visibility restricted |
sessions_send 跨 session 被限制 |
改用 thread=true 模式,结果自动推回 |
Session 复用说明
使用固定 label 的好处:
- 第一次调用:创建 session
- 后续调用:自动 reconnect 到已有 session,保留上下文
- Session 有 30 天归档清理 + 500 条上限
不需要手动管理 session 生命周期,只要 label 固定,acpx 会自动处理。
关键澄清
--dangerously-skip-permissions是 Claude Code CLI 的参数,不是 acpx 的参数- acpx 的正确权限控制是
defaultPermissions配置项(见上方配置) mode:"session" + thread:true是唯一可靠的结果返回方式- 不要用
visibility=all,有安全风险
相关文件
- Skill 配置:
~/.openclaw/skills/acp-harness-delegation/SKILL.md - Harness 列表:
~/.openclaw/skills/acp-harness-delegation/references/harness-list.md - acpx 全局配置:
~/.acpx/config.json - Claude API Key 配置:
~/.acpx/config.json的authCredentials字段
Usage Guidance
This skill appears to do what it says (delegate tasks to acpx-compatible harnesses), but its instructions ask you to: (1) provide/store service API keys (e.g., ANTHROPIC_API_KEY) even though the metadata declares none, and (2) change your global acpx configuration to auto-approve operations (defaultPermissions: "approve-all", authPolicy: "skip"). Before installing or following these instructions: - Do not blindly set defaultPermissions to "approve-all"; prefer least privilege or per-session approvals. - Prefer environment variables for API keys over storing them in plaintext config files; if you must store keys, restrict file permissions and consider secrets managers. - Verify you actually need persistent session auto-approval for your workflow; if not, avoid the authPolicy/defaultPermissions changes. - Ensure the acpx CLI and any adapter CLIs referenced are trustworthy and installed from official sources. - If possible, test in an isolated account or ephemeral environment first. The mismatches between declared requirements and the SKILL.md (missing env vars, assumed CLI) are the main red flags—treat this skill as requiring manual review and configuration before use.
Capability Analysis
Type: OpenClaw Skill
Name: acp-harness-delegation
Version: 1.0.0
The skill bundle provides instructions to configure the `acpx` runtime with `defaultPermissions: 'approve-all'`, which bypasses user confirmation for all actions performed by delegated agents (e.g., Claude Code), creating a high-risk environment for automated remote code execution (RCE). It also guides the agent to manage sensitive credentials like `ANTHROPIC_API_KEY` in local configuration files (`~/.acpx/config.json`). While these actions are aligned with the stated goal of agent delegation, the promotion of insecure configurations in `SKILL.md` and `references/harness-list.md` warrants a suspicious classification due to the significant reduction in security posture.
Capability Assessment
Purpose & Capability
Delegating tasks to external harnesses (Claude, Codex, etc.) legitimately requires credentials for those services. However, the skill metadata claims no required env vars or binaries while the instructions explicitly require ANTHROPIC_API_KEY (and references other provider keys) and assume an acpx CLI is present. That mismatch between declared requirements and actual instructions is a coherence issue.
Instruction Scope
SKILL.md instructs users to modify global acpx config to set defaultPermissions:"approve-all" and authPolicy:"skip" so the harness will auto-approve operations. That expands the scope beyond mere delegation — it weakens runtime authorization and enables automatic write actions. The instructions also recommend persisting API keys in ~/.acpx/config.json, which increases credential persistence and attack surface.
Install Mechanism
No install spec / code files are present (instruction-only), which is lower install risk. However, the skill assumes the acpx CLI and various harness adapters are available (npx/gemini/kimi/etc.) but does not declare these required binaries — an inconsistency that could lead to silent failures or user misconfiguration.
Credentials
The published metadata lists no required environment variables, yet the instructions require ANTHROPIC_API_KEY and mention other provider keys (OPENAI_API_KEY, etc.). Asking to store these keys in a global config file and recommending 'approve-all' for automation are disproportionate to a simple delegation helper and increase risk of credential exposure or misuse.
Persistence & Privilege
The skill does not set always:true, but its recommended changes (global ~/.acpx/config.json with defaultPermissions: 'approve-all' and authPolicy: 'skip') effectively grant persistent, elevated automatic approval for acpx operations across sessions. That is a high-privilege change outside the narrow scope of a single skill and should be treated with caution.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install acp-harness-delegation - After installation, invoke the skill by name or use
/acp-harness-delegation - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
acp-harness-delegation v1.0.0 – Initial release
- Provides a standard protocol for delegating tasks via ACP runtime to acpx-enabled harnesses (e.g., Claude Code, Codex).
- Details trigger phrases and proper session spawning workflow with detailed configuration and error-handling guidance.
- Documents authentication and permissions prerequisites for successful execution.
- Offers troubleshooting tips and known issues for common integration errors.
- Includes configuration recommendations and clarifications for session reuse and safe operation.
Metadata
Frequently Asked Questions
What is Acp Harness Delegation?
通过 ACP runtime 委托 acpx-enabled harness(Claude Code / Codex 等)的标准协议。触发词:调用 Claude Code、通过 acp 调用、通过 acpx 调用、delegation to claude/codex、Coordinator 调用 Executor。 It is an AI Agent Skill for Claude Code / OpenClaw, with 78 downloads so far.
How do I install Acp Harness Delegation?
Run "/install acp-harness-delegation" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Acp Harness Delegation free?
Yes, Acp Harness Delegation is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Acp Harness Delegation support?
Acp Harness Delegation is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Acp Harness Delegation?
It is built and maintained by Kevin Stone (@chaoyang78); the current version is v1.0.0.
More Skills