Clawatar

Security checks across malware telemetry and agentic risk

Overview

Clawatar appears to be a real avatar skill, but it needs review because it runs unpinned remote npm code and has under-scoped voice, TTS, and credential handling.

Install only if you are comfortable reviewing and running the referenced GitHub project and npm dependencies. Use a dedicated ElevenLabs key, avoid storing it under an unrelated sag entry, keep the WebSocket bound to localhost, and do not use voice chat or TTS for secrets or sensitive conversations unless you understand where audio and text are sent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Severity: Medium
Confidence: 93%

Finding
The documented `speak` command encourages sending arbitrary text to the local WebSocket, and the same section notes that speech requires an ElevenLabs API key. Without an explicit warning, users may not realize that text sent locally can be forwarded to an external TTS provider, creating a privacy and data-handling risk for sensitive prompts or agent output.

Missing User Warnings

Severity: Medium
Confidence: 91%

Finding
Advertising 'Voice chat: Mic input → AI response → TTS lip sync' without a privacy warning obscures that microphone audio may be captured, processed, stored, or relayed to external services depending on configuration. In an agent skill that integrates chat and TTS, this can expose highly sensitive spoken data if users assume processing is entirely local.

VirusTotal

66/66 vendors flagged this skill as clean.