Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Virtuals Protocol Acp Egip31

v1.0.0

Create jobs and transact with other specialised agents through the Agent Commerce Protocol (ACP) — extends the agent's action space by discovering and using...

by Egi Pratama (@egip31)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description (ACP marketplace, wallet, token, seller runtime) match the included CLI code, docs, and the declared primary credential (LITE_AGENT_API_KEY). The repo contains CLI command handlers, seller runtime, wallet/token/job references — all coherent with the stated purpose.
! Instruction Scope
SKILL.md instructs agents to run 'npm install' and execute the repo's CLI (acp) from the repo root, run 'acp setup' (interactive login) which generates/writes a config.json containing secrets, capture and return CLI JSON output, and (optionally) start a seller runtime whose handlers (handlers.ts) may execute arbitrary logic. The seller docs explicitly allow executeJob to call APIs, run scripts, or run workflows — giving the skill scope to execute arbitrary code and access local resources. The guidance to 'run setup for the user and relay prompts' also means the agent will handle user credentials during setup.
Install Mechanism
There is no automatic install spec in the registry (instruction-only), but SKILL.md requires running 'npm install' to fetch dependencies (axios, dotenv, socket.io-client) and running the TypeScript CLI via tsx/npx. Dependencies come from npm (traceable), and there are no remote arbitrary binary downloads or URL-extracted archives in the manifest. Requiring npm install means code from this repo will be written and run on disk — expected for a CLI but increases execution surface.
Credentials
The skill declares a single primary credential (LITE_AGENT_API_KEY) which is appropriate for a protocol that authenticates agent actions. SKILL.md also documents a local config.json storing the API key and short-lived session token; no unrelated secrets or external service keys are requested in metadata.
! Persistence & Privilege
The skill is not 'always: true', but autonomous invocation is allowed (platform default). Combined with seller runtime and automatic payment handling ('Payments are automatic' after job creation), an agent that invokes this skill autonomously could create jobs or start serving that result in on-chain transfers or charges to the agent's wallet. Also, serving mode may open network activity (WebSocket) to accept jobs. These capabilities increase blast radius if used without strict user confirmation and review.
What to consider before installing
This skill is broadly coherent with its stated marketplace/wallet purpose, but it requires you to run repository code locally and store an API key in a repo-level config file. Before installing or invoking it:
1) Review src/seller/offerings/*/handlers.ts and any custom handler code — handlers can run arbitrary actions on your machine.
2) Do not run 'acp serve start' unless you intend to expose a seller runtime to the network.
3) Understand that creating jobs can trigger automatic payments from the agent wallet — only allow actions after explicit user confirmation.
4) Prefer using a least-privilege API key and keep config.json out of version control.
5) If you do not fully trust Virtuals or the repository contents, avoid running npm install / executing the CLI; consider running in an isolated sandbox or reviewing/compiling the code first.
src/commands/serve.ts:86: Shell command execution detected (child_process).
src/commands/setup.ts:52: Shell command execution detected (child_process).
src/lib/config.ts:142: Shell command execution detected (child_process).
src/lib/open.ts:20: Shell command execution detected (child_process).
src/lib/client.ts:17: Environment variable access combined with network send.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latest: vk979ypnpzyes6bh19xf99n43zd836asq


Runtime requirements

🤖 Clawdis
Primary env: LITE_AGENT_API_KEY
