ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Sideload Avatar Generator

v1.0.2

Generate 3D avatars (VRM/GLB/MML) from text or images via Sideload.gg, paying $2 USDC per generation using any x402 wallet on Base.

2· 739·0 current·0 all-time
by@directivecreator
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description, required binary (node), packaged scripts, and network endpoints (sideload.gg) are consistent: the skill submits prompts/images, accepts an x402 payment token, polls for a job, and downloads results. No unrelated cloud credentials or binaries are requested.
Instruction Scope
Runtime instructions and included scripts only reference the Sideload API and result URLs. They read a local image file if you supply a path (and will base64-embed it into the request) and write downloaded outputs to an output directory. This is expected for an uploader/downloader, but it means any local file path you pass will be transmitted to the remote service.
Install Mechanism
No remote install or arbitrary download is performed by the skill itself (it's instruction/code included in the bundle). It relies only on Node.js and npm (explicit npm install recommended). There are no suspicious external installers or obscure download URLs in the manifest.
!
Credentials
No environment variables or long-lived credentials are required. However, the tool expects an x402 payment token passed as a command-line argument (--x402-token). Passing secrets via CLI exposes them to other local users via process listings and may be recorded in shell history; additionally, uploading a local image path will transmit that file to sideload.gg (possible leakage of sensitive files if misused).
Persistence & Privilege
The skill does not request persistent/always-on privileges, does not alter other skills or system-wide settings, and does not persist credentials. default autonomous invocation settings are unchanged.
Assessment
This package appears to implement exactly what it claims — a Node.js CLI that posts prompts/images to sideload.gg and pays via an x402 token — but take these precautions before running it: 1) Treat the x402 token as a secret. Avoid passing it on the command line if others share the machine or if you care about it appearing in process listings or shell history; prefer a safer mechanism (stdin, ephemeral file, or an environment variable in a secure session) if possible. 2) Only upload images you intend to share: if you pass a local file path the script will base64-embed and send the file to the remote service (do not point it at sensitive files). 3) Verify the service domains (sideload.gg, aimml.sideload.gg, aimml.onrender.com) and, if concerned, inspect the included scripts (generate.js/status.js) yourself before running. 4) Ensure you have Node.js 18+ (the scripts use global fetch). 5) If you need higher assurance, confirm the upstream repository and release provenance (package.json points to a GitHub repo but the skill's homepage is missing in registry metadata).

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🎭 Clawdis
Binsnode
latestvk97a634ekrtfyda9ww9jq0889s815mnr
739downloads
2stars
3versions
Updated 9h ago
v1.0.2
MIT-0
@directivecreator
latest
Download

Sideload Avatar Generator

Generate 3D avatars from text prompts or reference images using Sideload.gg. Pay-per-use via the x402 protocol — $2 USDC per generation on Base.

Works with any x402 wallet. Bring your own wallet and private key — no proprietary wallet required.

What You Get

Each generation produces four formats:

FormatFileUse Case
GLB.glbUniversal 3D — Three.js, Unity, Unreal, web viewers
VRM.vrmAvatar standard — VRChat, VTubing, social apps
MMLURLMetaverse Markup Language — for MML-compatible worlds
PNG.pngProcessed reference image used for generation

🎭 Rendering Avatars with @pixiv/three-vrm

The VRM output is designed to work with @pixiv/three-vrm — the standard Three.js library for loading, displaying, and animating VRM avatars. If you're already building with Three.js, generated avatars plug right in with full skeleton support:

import * as THREE from 'three';
import { GLTFLoader } from 'three/examples/jsm/loaders/GLTFLoader';
import { VRMLoaderPlugin } from '@pixiv/three-vrm';

const loader = new GLTFLoader();
loader.register((parser) => new VRMLoaderPlugin(parser));

loader.load('https://aiml.sideload.gg/models/avt-xxx.vrm', (gltf) => {
  const vrm = gltf.userData.vrm;
  scene.add(vrm.scene);

  // Animate bone transforms, look-at, etc.
});

This makes it easy to generate an avatar with Sideload and immediately use it in any Three.js scene — games, social apps, virtual worlds, VTubing, and more.

For more on building interactive 3D experiences in the metaverse, see awesome-mml — a curated list of MML (Metaverse Markup Language) resources.

Prerequisites

  • Node.js 18+

  • An x402 payment token — sign a payment with your own wallet/signer and pass it via --x402-token. This skill never handles private keys.

    # Check the cost first
node scripts/generate.js --probe

# Generate with your x402 token
node scripts/generate.js --prompt "..." --x402-token <base64-encoded-payment>

    Use any x402-compatible client to obtain a payment token: Coinbase x402 SDK, Thirdweb x402, or your own signing flow.

Setup

npm install

Usage

Generate from Text Prompt

node scripts/generate.js --prompt "A cyberpunk samurai with glowing red armor" --x402-token <token>

Generate from Image URL

node scripts/generate.js --image https://example.com/character.png --x402-token <token>

Generate from Local Image

node scripts/generate.js --image /path/to/photo.jpg --x402-token <token>

Check Cost (No Payment)

node scripts/generate.js --probe

Check Job Status

node scripts/status.js avt-a1b2c3d4

Options

FlagDescription
--prompt "text"Text description of the avatar
--image <url-or-path>Reference image (URL or local file path)
--x402-token <token>x402 payment token (required for generation)
--probeCheck cost without generating
--output <name>Custom filename for downloaded files
--no-downloadSkip downloading result files

API Reference

See SIDELOAD-API.md for the full API documentation, or visit sideload.gg/agents/raw.

Quick Reference

Generate:

POST https://sideload.gg/api/agent/generate
Headers: Content-Type: application/json, x-payment: <x402_token>

Text: { "type": "text", "prompt": "description" } Image: { "type": "image", "imageUrl": "https://..." }

Poll: GET https://sideload.gg/api/agent/generate/{jobId}/status (no auth needed)

Prompt Tips

Be specific about:

  • Appearance: clothing, colors, accessories
  • Style: realistic, anime, cartoon, cyberpunk
  • Features: armor, weapons, hairstyle, wings

Good prompts:

  • "A steampunk engineer with leather tool belt, copper mechanical arm, weathered pilot hat"
  • "An anime-style sorceress with long silver hair, glowing purple eyes, ornate golden staff"
  • "A futuristic soldier in white and blue power armor with glowing energy shield"

Image Tips

  • PNG, JPG, or WebP
  • Front-facing portraits or full-body shots work best
  • Clear outlines and distinct clothing/features
  • Higher resolution → better results

Rate Limits & Cost

  • $2 USDC per generation (x402 on Base, chain ID 8453)
  • 10 generations per 30 minutes per wallet
  • Check Retry-After header on 429 responses

Links

Comments

Loading comments...