Aavegotchi Renderer Bypass
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: aavegotchi-renderer-bypass
Version: 0.1.0
The `scripts/render-gotchi-bypass.mjs` script allows a user-controlled output directory via the `--out-dir` argument. This argument is used directly in `fs.mkdirSync` and `path.join` to determine where files are written, creating a directory traversal vulnerability. An attacker could potentially write files to arbitrary locations on the filesystem (e.g., `../../../../etc/malicious.json`) by providing a crafted `--out-dir` value, which is a significant vulnerability, though not indicative of intentional malicious design by the skill developer.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill runs local JavaScript code on the user's machine or agent environment.
The skill expects local execution of a bundled Node script. This is clearly documented and central to the rendering task, with no evidence of eval, shell chaining, or hidden auto-execution.
Run the bundled script: `node scripts/render-gotchi-bypass.mjs --token-id 6741`
Run it only when you intend to render a token, and review the included script if you need higher assurance.
The agent will contact Goldsky/Aavegotchi services and save render JSON/PNG artifacts to disk.
The helper posts to the Aavegotchi renderer API and downloads returned image artifacts. This is disclosed and purpose-aligned, but it means the skill performs outbound network requests and local writes.
const batchResult = await postJson(`${DAPP_BASE}/api/renderer/batch`, batchPayload); ... await downloadFile(fullUrl, artifacts.fullPngPath);
Use it for intended public token IDs and choose an output directory where saved files are acceptable.
It may be harder to independently verify the author, update history, or runtime expectations before installing.
The package provenance and install metadata are sparse even though a runnable helper script is included. The provided script is readable and coherent, so this is a provenance note rather than a concern.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Inspect the bundled files before use and ensure a trusted Node runtime is available.
