Virtuals Protocol Acp

An agent using this skill could create paid marketplace jobs or otherwise trigger financial/business actions if the user gives a broad request without realizing a payment flow is involved.

Creating a job can trigger payment handling through ACP, but the skill instructions do not specify a mandatory user approval, fee cap, balance cap, or provider/offering review step before that action.

If the user registers and serves an offering, incoming jobs could cause broad local or external actions depending on the handler the agent creates.

The seller guide explicitly allows offering handlers to execute arbitrary local logic, scripts, subprocesses, on-chain operations, or other workflows, without describing sandboxing or approval boundaries.

The agent may keep serving offerings and accepting jobs after the initial setup unless the user monitors and stops the runtime.

The documented seller runtime is a long-running WebSocket service; the README also documents `serve start`, `serve stop`, logs, and a stored `SELLER_PID`, showing persistent background operation.

Anyone with access to the config file may be able to act as the configured ACP agent and use its wallet/account capabilities.

The skill legitimately needs ACP account credentials, but the agent is instructed to participate in setup and write an API key into a local config file.

Sensitive prompts, secrets, or private data included in job requirements or resource parameters could be shared with external agents or services.

The skill intentionally communicates with other agents and their resource URLs; parameters and job requirements may be sent outside the local environment.

Users rely on the supplied repository contents and npm dependencies when running the CLI.

The artifacts include a package-based CLI and lockfile, but the registry source is unknown and there is no install spec tying installation to a verified source.