Atlas Avatar

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Atlas avatar helper, but it handles API keys and sends media through external services, so users should install it only with that data flow in mind.

Use scoped, revocable API keys; avoid running the optional viewer setup on shared machines; check that .env.local is not committed; and only upload face images, audio, prompts, and videos that you are comfortable sending to Atlas and any optional providers such as Discord, ElevenLabs, Anthropic/LLM services, and S3-compatible storage.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence: 94%
Finding
The README instructs a setup flow that writes .env.local using ATLAS_API_KEY and optionally LLM and ElevenLabs credentials, but it does not clearly warn that these secrets will be persisted to disk in another cloned application directory. Persisting secrets outside a managed vault increases the chance of accidental commit, local disclosure, or reuse by unrelated processes.

Missing User Warnings

Medium
Confidence: 93%
Finding
The Discord delivery workflow encourages posting rendered MP4s and related session content to a webhook without a clear disclosure that media and metadata leave the local/system boundary and are transmitted to Discord. Users may unknowingly send sensitive audio, face imagery, or generated media to a third party, which is especially risky for internal or regulated content.

Missing User Warnings

Medium
Confidence: 95%
Finding
This narrated avatar pipeline sends prompts, generated script text, TTS input/output, face images from S3, and final media across multiple external services, but the documentation does not clearly call out that cross-service data sharing. The combination of multiple providers materially increases privacy, confidentiality, and compliance risk because sensitive user data may be replicated across several systems.

Missing User Warnings

Medium
Confidence: 92%
Finding
The script persists ATLAS_API_KEY and optional third-party API keys into a project-local .env.local file on disk without an explicit warning or confirmation. Although this is common for local development, it increases the risk of accidental disclosure through backups, shell history–adjacent workflows, directory sharing, or accidental git inclusion if repository ignore rules are misconfigured.

VirusTotal

64/64 vendors flagged this skill as clean.
