Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Clawatar
v0.2.0Give your AI agent a 3D VRM avatar body with animations, expressions, voice chat, and lip sync. Use when the user wants a visual avatar, VRM viewer, avatar companion, VTuber-style character, or 3D character they can talk to. Installs a web-based viewer controllable via WebSocket.
⭐ 2· 1k·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The declared purpose (3D VRM avatar with TTS/lip-sync) aligns with the runtime instructions (git clone a viewer, run npm, open local web + WebSocket). However the registry metadata lists no required env vars or config paths while SKILL.md explicitly requires an ELEVENLABS_API_KEY and references ~/.openclaw/openclaw.json — this mismatch is unexpected.
Instruction Scope
SKILL.md instructs cloning a GitHub repo, running npm install and npm run start (which will download and execute third-party JS), opening local ports, and optionally reading/storing an ElevenLabs API key in ~/.openclaw/openclaw.json under skills.entries.sag.apiKey. The instruction to persist a credential in a global config and the mismatch of the config key name (sag.apiKey) are scope-creep and potentially surprising to users.
Install Mechanism
There is no formal install spec in the registry; instead SKILL.md tells the agent/user to git clone https://github.com/Dongping-Chen/Clawatar and run npm install/start. That causes arbitrary code from a third-party repo and npm packages to be installed and executed on the host — normal for this functionality but a material risk unless the repo and package.json/scripts are reviewed.
Credentials
Requesting an ElevenLabs API key is proportional for TTS. But the registry incorrectly declares no env vars, and SKILL.md suggests storing the key either in the environment (ELEVENLABS_API_KEY) or in a shared ~/.openclaw/openclaw.json under a non-obvious key (skills.entries.sag.apiKey). Asking to persist credentials in a global/shared config without declaring it is concerning.
Persistence & Privilege
always:false (ok) and autonomous invocation is default (not by itself alarming). However the guidance to place an API key into the global OpenClaw config (which could be read by other skills) increases the blast radius for credential exposure. The skill also writes into ~/.openclaw/workspace/clawatar which is a persistent workspace location.
What to consider before installing
This skill appears to do what it says (a local web-based VRM viewer with TTS), but there are several red flags you should address before installing: 1) The registry metadata omits that an ELEVENLABS_API_KEY and a config path (~/.openclaw/openclaw.json) are used — ask the publisher to update metadata. 2) The runtime requires git clone + npm install + npm run start of a third-party GitHub repo; inspect that repo, especially package.json and any npm scripts, before running. 3) Prefer providing ELEVENLABS_API_KEY via environment variable (ELEVENLABS_API_KEY) rather than writing it into a shared ~/.openclaw config; if you must store it, review who/what can read that file. 4) Run the viewer in an isolated environment (container or VM) if you cannot fully vet the code. 5) Verify licensing for Mixamo assets and confirm the GitHub repo's trustworthiness (owner, commit history, issues). If you want, ask the skill author for a homepage, signed release, or a minimal install payload (e.g., packaged release) rather than running npm install from master.Like a lobster shell, security has layers — review code before you run it.
latestvk97ab9h83veh9h8qy79r18azx980zmyp
License
MIT-0
Free to use, modify, and redistribute. No attribution required.