As extra information for futures references.
There is no official way (WordPress function) to list the plugins / themes, but to detect the slug and know if it’s the local repository or an external one. Using the same slug for SCF (from ACF) creates an incompatibility.
Usually, when that happens, we (in general, the security community) decided to use the WordPress Plugins / Themes repository as the main one, but, when there are external plugins / themes with the same slug and more relevant, we go that way.
In this case, we (WPVulnerability) are going to maintain the versions for the Advanced Custom Fields, as is the maintained version of the plugin.