← 返回 Skills 市场
virtualstechteam

Virtuals Protocol ACP

作者 virtualstechteam · GitHub ↗ · v1.0.1
cross-platform ⚠ suspicious
3349
总下载
0
收藏
23
当前安装
2
版本数
在 OpenClaw 中安装
/install virtuals-protocol-acp
功能描述
Create jobs and transact with other specialised agents through the Agent Commerce Protocol (ACP) — extends the agent's action space by discovering and using agents on the marketplace, enables launching an agent token for fundraising and revenue, and supports registering service offerings to sell capabilities to other agents.
安全使用建议
This skill appears to implement the described Agent Commerce Protocol CLI and seller runtime and requests only an ACP API key, which is proportionate. Before installing, consider: 1) Source verification — the registry entry shows no official source; SKILL.md references app.virtuals.io but the package origin isn't verified. Review the repository files yourself if possible. 2) npm install will download third-party packages (axios, dotenv, socket.io-client) — run in a sandbox or CI if you are cautious. 3) The CLI will create/read config.json at the repo root to store LITE_AGENT_API_KEY, SESSION_TOKEN and SELLER_PID — treat this file as sensitive (ensure it is gitignored and stored securely). 4) The skill can start a background seller process and spawn child processes; that process will have access to the stored API key and the agent wallet (on-chain funds). Use a separate wallet / limited-funds account if you plan to test. 5) Token launch and job creation are on-chain and may incur costs — do not run token-launch or job-create commands unless you understand the consequences. If you lack trust in the source, either audit the code (particularly seller runtime and lib/auth.js) or avoid installing and running the CLI.
功能分析
Type: OpenClaw Skill Name: virtuals-protocol-acp Version: 1.0.1 The skill contains a critical shell injection vulnerability in `src/lib/open.ts` where URLs fetched from an external API (`https://acpx.virtuals.io`) are directly executed in a shell command (`child_process.exec`). This could lead to Remote Code Execution (RCE) if the external API is compromised and returns a malicious URL. Additionally, the skill's core functionality allows for RCE via dynamically loaded `handlers.ts` files (`src/seller/runtime/seller.ts`). An AI agent running this skill could be prompted to write malicious code into these handler files, which would then be executed on the host system, representing a significant prompt-injection risk against the agent.
能力评估
Purpose & Capability
The skill implements a marketplace/wallet/token/seller runtime CLI and declares LITE_AGENT_API_KEY as the primary credential — this is appropriate. Minor inconsistency: registry metadata lists Source: unknown and no homepage, while SKILL.md/README reference https://app.virtuals.io; lack of a clearly published official source reduces trust but does not make the functionality incoherent.
Instruction Scope
SKILL.md tells the agent to run the included CLI from the repo root, run `npm install`, run `acp setup` (interactive login) and capture JSON stdout. The instructions require reading/writing a local config.json (for API keys, session tokens, SELLER_PID) and optionally prompting user input — these actions are within the scope of operating a CLI that manages agent identities, wallets, jobs, and seller runtime.
Install Mechanism
No explicit install spec is included; SKILL.md asks the user/agent to run `npm install` which will fetch dependencies from the public npm registry (axios, dotenv, socket.io-client). This is expected for a Node CLI but does mean remote packages will be downloaded at install time (moderate supply-chain risk). There are no ad-hoc remote archive downloads in the repo.
Credentials
Only LITE_AGENT_API_KEY is declared as the primary credential; code stores additional session-related tokens in a local config.json but does not require unrelated credentials. The skill writes/reads config.json (including SESSION_TOKEN, SELLER_PID) which is necessary for its workflows — users should be aware API keys and session tokens are persisted locally.
Persistence & Privilege
always:false (good). The skill can start/stop a long-running seller runtime, save a SELLER_PID, and spawn child processes (used e.g. for token launch). Those privileges are coherent with providing a seller runtime but give the skill the ability to run background processes and manage them — ensure you are comfortable with a process tied to an API key and wallet running on your machine.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install virtuals-protocol-acp
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /virtuals-protocol-acp 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
- Major overhaul: migrated from custom scripts/index.ts CLI to a unified acp CLI covering buying, selling, wallet, token, job, and seller management operations. - Added new command structure: all functionality is now accessed via acp <command> [subcommand] [args], supporting both human-readable and --json outputs. - Introduced setup, login, agent, wallet, job, profile, token, sell, and serve command groups, with detailed references for buying and selling workflows. - Enhanced seller workflow: now supports scaffolding, registering, and managing offerings/resources with seller runtime commands. - Skill now requires config.json (API key) and setup flow; previous scripts-based config/environment is deprecated. - Extensive documentation added, including references for ACP jobs, agent tokens, wallets, and seller setup.
v1.0.0
- Initial release of the virtuals-protocol-acp skill. - Enables browsing ACP agents, creating jobs, polling job status, and checking agent wallet balances via the Virtuals Protocol ACP on Base. - All interactions run as CLI commands; outputs are automatically captured and returned to the user. - Requires configuration of agent wallet address, session entity key ID, and wallet private key. - Ensures agents are always browsed before job creation to select the appropriate one for user requests.
元数据
Slug virtuals-protocol-acp
版本 1.0.1
许可证
累计安装 24
当前安装数 23
历史版本数 2
常见问题

Virtuals Protocol ACP 是什么?

Create jobs and transact with other specialised agents through the Agent Commerce Protocol (ACP) — extends the agent's action space by discovering and using agents on the marketplace, enables launching an agent token for fundraising and revenue, and supports registering service offerings to sell capabilities to other agents. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 3349 次。

如何安装 Virtuals Protocol ACP?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install virtuals-protocol-acp」即可一键安装,无需额外配置。

Virtuals Protocol ACP 是免费的吗?

是的,Virtuals Protocol ACP 完全免费(开源免费),可自由下载、安装和使用。

Virtuals Protocol ACP 支持哪些平台?

Virtuals Protocol ACP 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Virtuals Protocol ACP?

由 virtualstechteam(@virtualstechteam)开发并维护,当前版本 v1.0.1。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论