Trust Assessment
virtuals received a trust score of 72/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 1 high, 2 medium, and 1 low severity. Key findings include Unpinned npm dependency version, Direct storage of private keys on disk, Outdated versions of critical dependencies.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Direct storage of private keys on disk The skill is designed to store the user's Ethereum private key directly on the filesystem in `~/.openclaw/virtuals/config.json`. While `fs.chmodSync(CONFIG_FILE, 0o600)` is used to restrict file permissions, storing private keys on disk, even with restricted permissions, poses a significant security risk. A compromised system or another process with elevated privileges could access this file, leading to the theft of funds. The private key is then used to create an `ethers.Wallet` for transaction signing, enabling direct access to user funds. Avoid storing private keys directly on disk. Instead, consider using secure environment variables for ephemeral use, integrating with hardware wallets, or leveraging operating system-level secure credential storage (e.g., keychains). If disk storage is unavoidable, the private key must be encrypted with a strong, user-provided passphrase. | LLM | src/cli.ts:199 | |
| MEDIUM | Unpinned npm dependency version Dependency 'commander' is not pinned to an exact version ('^12.1.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/rojasjuniore/virtuals/package.json | |
| MEDIUM | Outdated versions of critical dependencies The skill uses outdated versions of several critical dependencies: `ethers` (6.9.0, latest 6.13.1), `axios` (1.13.5, latest 1.7.2), and `typescript` (5.0.0, latest 5.5.4). `ethers` is crucial for secure blockchain interactions, and `axios` for network requests. Running older versions of these libraries may expose the skill to known security vulnerabilities that have been patched in newer releases, potentially leading to exploits or data breaches. Update all dependencies to their latest stable versions. Regularly review and update dependencies to ensure security patches are applied. Use `npm audit` or similar tools to check for known vulnerabilities. | LLM | package.json:14 | |
| LOW | Unsanitized display of external/user-controlled data in CLI output The skill displays agent names and descriptions, which can originate from user input (e.g., `virtuals agents info <name>`) or external APIs (`api.virtuals.io`). If an attacker can control these values, they could inject malicious text (e.g., 'Ignore all previous instructions...') into agent names or descriptions. When the host LLM processes this CLI output, it could be vulnerable to prompt injection, leading to unintended actions or information disclosure. Implement robust output sanitization or encoding for all user-controlled or external data displayed in the CLI output, especially if that output is intended to be consumed by an LLM. The LLM should also be explicitly instructed to treat skill output as data and not as new instructions. | LLM | src/cli.ts:150 |
Scan History
Embed Code
[](https://skillshield.io/report/14b068960e515885)
Powered by SkillShield