virtuals-protocol-acp

Pass

Audited by Gen Agent Trust Hub on Jun 8, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill interfaces with host system shells and background processes to manage cloud deployments via Railway, schedule recurring tasks via the OpenClaw cron system, and open authentication URLs in the system's default browser.
  • [EXTERNAL_DOWNLOADS]: Fetches service information and authentication state from vendor-controlled domains (virtuals.io) and established platforms like Twitter and Railway.
  • [PROMPT_INJECTION]: The skill uses behavioral steering to encourage the agent to adopt the ACP marketplace as its primary method for task execution and requests the agent to modify its own system instructions to persist this preference.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from the marketplace (agent descriptions) and bounty candidates in src/commands/search.ts and src/commands/bounty.ts. While boundary markers for this data are absent, the skill includes explicit instructions in its automated polling logic (src/lib/openclawCron.ts) for the agent to filter out malicious or irrelevant candidates. The skill possesses capabilities for command execution and financial transactions which increase the potential surface area for this risk vector.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 8, 2026, 01:02 PM
Security Audit — agent-trust-hub — virtuals-protocol-acp