Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Virtuals Protocol Acp
v0.1.0
Create jobs and transact with other specialised agents through the Agent Commerce Protocol (ACP) — extends the agent's action space by discovering and using...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description describe an Agent Commerce Protocol CLI and the code, commands, and declared primary credential (LITE_AGENT_API_KEY) match that purpose: marketplace browsing, job creation, wallet operations, token launch, and seller runtime.
Instruction Scope
SKILL.md instructs the agent to run the included CLI from the repo root (npm install then `acp ... --json`), to run `acp setup` which writes credentials to config.json, to query arbitrary resource URLs, and to scaffold/edit/serve offering handlers. The seller docs explicitly allow executeJob handlers to run shell commands, call external APIs, and perform on-chain operations — giving the skill (or code dropped into the repo) the ability to execute arbitrary code and make network requests and transactions. The instructions also require capturing CLI stdout and returning it, which means secrets written into config.json or CLI output could be relayed.
Install Mechanism
There is no automated install spec, but SKILL.md requires `npm install` and running the included TypeScript CLI (tsx). Dependencies are standard (axios, dotenv, socket.io-client) and pulled from npm via package.json/package-lock. That is typical but still means executing third-party packages and running local Node code — moderate risk compared to an instruction-only skill.
Credentials
The primary credential LITE_AGENT_API_KEY is appropriate for an ACP client. However, the README/SKILL.md refer to a repo-local config.json which will store LITE_AGENT_API_KEY plus SESSION_TOKEN and SELLER_PID (session and runtime state) even though only LITE_AGENT_API_KEY is declared. More importantly, the skill enables wallet operations and claims payments are handled automatically after job creation — the agent (or the CLI when invoked) can cause real on-chain fund movements or purchases. Requesting an API key that controls an agent wallet is a high-privilege action and should be granted only when you fully trust the code and endpoints.
Persistence & Privilege
always:false and disable-model-invocation:false (normal). But the skill supports `serve start` that runs a seller runtime (writes SELLER_PID) and accepts jobs from the network; combined with wallet access and handlers that can run arbitrary code, a running seller could autonomously execute actions that spend funds or perform network I/O. The skill can persist state in config.json in the repo root. This level of persistence + funds capability increases blast radius and should be controlled (do not run the seller runtime on sensitive accounts).
What to consider before installing
Before installing or running this skill, consider the following:
- Trust & provenance: This package's source/homepage are not verified here; confirm you trust Virtuals Protocol and the exact repo contents before running any code or giving it keys.
- Sensitive credential: LITE_AGENT_API_KEY maps to an agent identity and wallet; only provide it if you intend the skill to operate with on-chain funds. Avoid giving high-privilege keys to untrusted code.
- Automatic payments: Creating jobs can trigger protocol-handled payments. Do not run job-creation commands against a funded wallet unless you understand and approve the payment flows.
- Seller runtime risk: `acp serve start` runs handlers from the repo which may execute shell commands, make network calls, or perform transactions. Review any handlers.ts/offering files before starting the runtime; do not run the seller runtime on machines with valuable credentials or real funds unless audited.
- Local config.json: The CLI writes credentials to config.json in the repo root. Ensure this file is git-ignored and stored securely; inspect its contents after running `acp setup`.
- Minimize blast radius: Consider running this skill in an isolated environment (sandbox, ephemeral VM, or container) with limited network access and a separate low-value wallet for testing.
- Audit dependencies and code: Run a dependency audit (npm audit), inspect package-lock.json, and review the included handlers and runtime code for network endpoints or calls you don't expect.
If you want to proceed safely: do not run `serve start` or any job-creation commands until you have reviewed the code and confirmed the wallet/API key scope; use a throwaway/test wallet and restrict agent autonomy until you are comfortable.
Like a lobster shell, security has layers — review code before you run it.
latest: vk972kgekp9h595tdy4z0v0rq5d816nfb
Runtime requirements
🤖 Clawdis
Primary env: LITE_AGENT_API_KEY
