Virtuals
Warn. Audited by ClawScan on May 10, 2026.
Overview
This crypto-trading skill asks for a wallet private key and has unclear mainnet/testnet handling, so it should be reviewed carefully before use.
Treat this as a Review item, not proven malware. Do not provide a valuable or mainnet wallet private key. If you test it, use a burner wallet with minimal funds and confirm which network it actually uses. If you previously saved a key, remove `~/.openclaw/virtuals/config.json`, treat that key as exposed (it was written to disk in plaintext), and move any funds out of that wallet.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A private key can control wallet funds; passing it on the command line may also expose it through shell history or process listings.
The skill accepts a raw blockchain wallet private key and saves it into a JSON config file. The registry metadata declares no primary credential, and the code does not show encrypted key storage or a wallet-approval flow.
.option('--private-key <key>', 'Private key (stored securely)') ... if (options.privateKey) { config.privateKey = options.privateKey; } ... fs.writeFileSync(CONFIG_FILE, JSON.stringify(config, null, 2));
The option's help text says "stored securely", but the code copies the key verbatim into the config object and writes it as plaintext JSON with default file permissions. Do not enter a mainnet or valuable wallet key. Use a burner/testnet wallet only, and prefer an encrypted keystore or wallet-provider approval flow with explicit transaction confirmations.
A user could misunderstand which network is being used and accidentally expose a real wallet or mainnet funds.
The SKILL.md safety claim quoted below conflicts with the source code, which labels the contract settings as Base Mainnet and uses `https://mainnet.base.org`, the public Base mainnet RPC endpoint. That mismatch makes the financial environment unclear: a user who trusts the documentation may connect a funded wallet to mainnet while believing they are on a testnet.
**⚠️ TESTNET ONLY for now** - Don't use mainnet funds.
Require the skill to clearly separate testnet and mainnet modes, default to testnet or read-only mode, and make the active network explicit before any wallet configuration or transaction. The active network should be verified against what the RPC endpoint actually reports (`eth_chainId`), not inferred from a label in the docs or the source.
If connected to a funded wallet, buy/sell actions could spend or dispose of crypto assets.
The documented trading commands are purpose-aligned, but they are financially impactful and should only run with explicit user intent and clear transaction details.
virtuals buy <agent> <amount>    # Buy agent tokens
virtuals sell <agent> <amount>   # Sell agent tokens
Require explicit approval before any trade, show network, token, amount, estimated cost, slippage, and destination contract, and support spending limits.
Installing and linking the package runs local JavaScript tooling and makes the `virtuals` command available on the system.
The install flow asks the user to install npm dependencies, build the package, and globally link the CLI. This is coherent for a CLI skill, but users still need to trust the package and dependency provenance.
npm install && npm run build && npm link
Install only from a trusted source and inspect the package files before building. Use the included lockfile (`npm ci` installs exactly what the lockfile pins and fails if it disagrees with package.json), review any lifecycle scripts before they run (`npm install --ignore-scripts` lets you read them first), and avoid running the CLI with sensitive wallet keys until the credential and network issues are resolved.
