Skill v1.0.0

ClawScan security

Virtuals · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 11, 2026, 9:25 AM

Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary
The skill mostly matches a CLI for a blockchain marketplace, but there are inconsistencies (a 'TESTNET ONLY' warning vs code using Base mainnet RPC/contract) and it asks users to store plaintext private keys in a local config file — both are concerning and need clarification before installing.
Guidance
Before installing or running this skill:

1. Confirm the source/trustworthiness — registry metadata lists source as unknown and no homepage, even though SKILL.md references virtuals.io. Prefer skills with verifiable upstream repos.
2. Do not paste your mainnet private key into the CLI unless you understand the risk — the skill stores the key in plaintext JSON at ~/.openclaw/virtuals/config.json (file perms 600). Use a throwaway/test wallet or hardware/external signer if possible.
3. Verify whether you intend to work on testnet or mainnet — SKILL.md warns 'TESTNET ONLY' but the code points to mainnet.base.org and a mainnet contract address; this mismatch could cause accidental mainnet transactions and fund loss.
4. Inspect/verify the contract addresses and RPC endpoints hard-coded in the code before using trading/creation commands.
5. If you need full assurance, ask the publisher for source provenance or request that the skill implement secure signing (external signer/hardware-wallet integration) and explicitly support a testnet RPC option.

Review Dimensions

Purpose & Capability
note: Name/description claim a Virtuals Protocol CLI for Base L2 and the code implements exactly that (ethers.js, Base RPC, token contract address, market data). However SKILL.md contains a '⚠️ TESTNET ONLY for now' warning while the code uses BASE_RPC = 'https://mainnet.base.org' and a contract address labelled 'Base Mainnet' — this is an inconsistency that could cause users to unintentionally operate on mainnet.
Instruction Scope
concern: Runtime instructions and code only perform CLI operations (price, agents list, balance, create, config). The config command stores wallet address and private key in ~/.openclaw/virtuals/config.json and the code reads/writes that file. There are no instructions that exfiltrate data to unknown endpoints, but storing private keys locally (even with file perms) is sensitive and the SKILL.md encourages configuring a private key. The code also attempts to call https://api.virtuals.io and coingecko; these network calls are expected for the stated purpose.
Install Mechanism
ok: No remote archive downloads or obscure installers. The repo uses standard npm dependencies (axios, ethers, commander) and the SKILL.md instructs npm install && npm run build && npm link — a normal Node.js install flow. package-lock.json lists public npm packages.
Credentials
concern: The skill requests no environment variables, which is consistent, but it requires the user to provide a private key via the CLI which is then stored in plaintext JSON at ~/.openclaw/virtuals/config.json (file mode set to 0o600). While a private key is needed to sign transactions, storing it unencrypted in a skill-managed file is sensitive and not clearly justified; the skill does not offer alternative secure signing methods (e.g., hardware wallet, external signer, or encrypted keystore).
Persistence & Privilege
note: The skill does not request always:true and does not modify other skills. It creates a config directory under the user's home (~/.openclaw/virtuals) and persists configuration there — normal for a CLI but worth noting since it stores sensitive keys locally.