← Back to Skills Marketplace

Virtuals

Name: Virtuals
Author: rojasjuniore

by rojasjuniore · GitHub ↗ · v1.0.0

cross-platform ⚠ suspicious

1126

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install virtuals

Description

Virtuals Protocol integration for OpenClaw. Create, manage and trade tokenized AI agents on Base.

Usage Guidance

Before installing or running this skill: (1) Confirm the source/trustworthiness — registry metadata lists source as unknown and no homepage, even though SKILL.md references virtuals.io. Prefer skills with verifiable upstream repos. (2) Do not paste your mainnet private key into the CLI unless you understand the risk — the skill stores the key in plaintext JSON at ~/.openclaw/virtuals/config.json (file perms 600). Use a throwaway/test wallet or hardware/external signer if possible. (3) Verify whether you intend to work on testnet or mainnet — SKILL.md warns 'TESTNET ONLY' but the code points to mainnet.base.org and a mainnet contract address; this mismatch could cause accidental mainnet transactions and fund loss. (4) Inspect/verify the contract addresses and RPC endpoints hard-coded in the code before using trading/creation commands. (5) If you need full assurance, ask the publisher for source provenance or request that the skill implement secure signing (external signer/hardware-wallet integration) and explicitly support a testnet RPC option.

Capability Analysis

Type: OpenClaw Skill Name: virtuals Version: 1.0.0 The skill is classified as suspicious primarily due to its capability to store a user-provided private key on disk in `~/.openclaw/virtuals/config.json` via the `virtuals config --private-key <key>` command (documented in SKILL.md and implemented in src/cli.ts). While the code attempts to secure this file with `chmodSync(CONFIG_FILE, 0o600)` and the SKILL.md explicitly warns 'TESTNET ONLY for now - Don't use mainnet funds', storing private keys on disk is an inherently high-risk practice. The current implementation of the `create` command in `src/cli.ts` does not yet use the private key for on-chain transactions, directing users to a website instead, which prevents an immediate 'malicious' classification, but the risky capability remains.

Capability Assessment

ℹ Purpose & Capability

Name/description claim a Virtuals Protocol CLI for Base L2 and the code implements exactly that (ethers.js, Base RPC, token contract address, market data). However SKILL.md contains a '⚠️ TESTNET ONLY for now' warning while the code uses BASE_RPC = 'https://mainnet.base.org' and a contract address labelled 'Base Mainnet' — this is an inconsistency that could cause users to unintentionally operate on mainnet.

⚠ Instruction Scope

Runtime instructions and code only perform CLI operations (price, agents list, balance, create, config). The config command stores wallet address and private key in ~/.openclaw/virtuals/config.json and the code reads/writes that file. There are no instructions that exfiltrate data to unknown endpoints, but storing private keys locally (even with file perms) is sensitive and the SKILL.md encourages configuring a private key. The code also attempts to call https://api.virtuals.io and coingecko; these network calls are expected for the stated purpose.

✓ Install Mechanism

No remote archive downloads or obscure installers. The repo uses standard npm dependencies (axios, ethers, commander) and the SKILL.md instructs npm install && npm run build && npm link — a normal Node.js install flow. package-lock.json lists public npm packages.

⚠ Credentials

The skill requests no environment variables, which is consistent, but it requires the user to provide a private key via the CLI which is then stored in plaintext JSON at ~/.openclaw/virtuals/config.json (file mode set to 0o600). While a private key is needed to sign transactions, storing it unencrypted in a skill-managed file is sensitive and not clearly justified; the skill does not offer alternative secure signing methods (e.g., hardware wallet, external signer, or encrypted keystore).

ℹ Persistence & Privilege

The skill does not request always:true and does not modify other skills. It creates a config directory under the user's home (~/.openclaw/virtuals) and persists configuration there — normal for a CLI but worth noting since it stores sensitive keys locally.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install virtuals
After installation, invoke the skill by name or use /virtuals
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

Initial release - Virtuals Protocol integration

Metadata

Slug virtuals

Version 1.0.0

License —

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is Virtuals?

Virtuals Protocol integration for OpenClaw. Create, manage and trade tokenized AI agents on Base. It is an AI Agent Skill for Claude Code / OpenClaw, with 1126 downloads so far.

How do I install Virtuals?

Run "/install virtuals" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Virtuals free?

Yes, Virtuals is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Virtuals support?

Virtuals is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Virtuals?

It is built and maintained by rojasjuniore (@rojasjuniore); the current version is v1.0.0.

More Skills