Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Avatar

Interactive AI avatar with Simli video rendering and ElevenLabs TTS

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 1.1k · 6 current installs · 6 all-time installs
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The name/description (avatar with Simli + ElevenLabs TTS) matches the code and dependencies (simli-client, ElevenLabs TTS calls). However the server also integrates with an OpenClaw gateway and optional Slack/email/Stream Deck integrations — these require additional credentials/configuration not clearly declared in the SKILL.md required envs.
Instruction Scope
SKILL.md only declares SIMLI_API_KEY and ELEVENLABS_API_KEY and instructs installing and running the CLI, but runtime code reads additional environment variables (OPENCLAW_TOKEN, SLACK_BOT_TOKEN, ELEVENLABS_VOICE_ID) and exposes the Simli API key to the browser via /api/client-config. The server also creates a persistent device-key.json (private key) and opens WebSocket connections to the configured gateway URL — these actions are not described in the metadata/instructions.
Install Mechanism
This is an instruction-only skill but SKILL.md suggests 'npm install -g openclaw-avatar'. The code and package.json look like a normal npm package with reasonable dependencies; installing from npm is moderate risk and should be done from a trusted source. There is no remote URL download or extractor in the install spec.
Credentials
Declared required env vars (SIMLI_API_KEY, ELEVENLABS_API_KEY) are expected. But the code also reads OPENCLAW_TOKEN and SLACK_BOT_TOKEN (and optional ELEVENLABS_VOICE_ID) without those being declared as required. Worse, the Simli API key is included in the client config and served to the browser, which exposes a secret that SKILL.md does not warn about.
Persistence & Privilege
The server generates and writes a device-key.json (private key + public key) to the working directory, and will maintain long-lived WebSocket connections to an OpenClaw gateway. always:false (normal), but the written key and persistent gateway connection increase the skill's persistence and blast radius and are not clearly documented in SKILL.md.
What to consider before installing
  • The skill is generally consistent with an avatar frontend (Simli + ElevenLabs), but the server also connects to an OpenClaw gateway and supports Slack/email/Stream Deck integrations. Those integrations require additional environment variables (OPENCLAW_TOKEN, SLACK_BOT_TOKEN) even though SKILL.md only lists SIMLI_API_KEY and ELEVENLABS_API_KEY.
  • The server writes a device-key.json (an on-disk private key) and establishes persistent WebSocket connections to the configured gateway URL. Expect a persistent process and created files in the working directory.
  • The code intentionally returns the Simli API key to the browser via /api/client-config. If you consider your SIMLI_API_KEY sensitive, the key will be exposed to any code served to the browser. Do not run this with production secrets unless you accept that exposure.
  • If you plan to enable Slack or email forwarding, the skill will require additional tokens; enable only with least-privilege tokens and review the relevant code paths (/api/send-slack, /api/send-email) before providing those credentials.
  • Installation via npm (global) installs code from the npm registry; verify the package author, repository, and integrity before trusting it. Consider running the server in an isolated environment (container, VM) and binding ports/firewalls to localhost only.
  • If you need to proceed, audit the server endpoints (especially /api/*), confirm where gatewayUrl points (default is ws://127.0.0.1:18789) and whether OPENCLAW_TOKEN will be used, and avoid using production credentials until you review and understand the data flows.

If you want, I can:
  • Point out the exact lines where additional env vars are read and where simliApiKey is leaked to the client, or
  • Extract and summarize all server endpoints and what they expose so you can decide whether to run it.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.0
Plugin bundle (nix)
Config requirements
Required env: SIMLI_API_KEY, ELEVENLABS_API_KEY
CLI help (from plugin)
openclaw-avatar - Interactive AI avatar frontend

Usage: openclaw-avatar [options]

Starts the avatar server at http://localhost:5173
Requires SIMLI_API_KEY and ELEVENLABS_API_KEY environment variables.
latest: vk97awnrc4003zz5wt0dgfe3zq580pk9x

License

MIT-0
Free to use, modify, and redistribute. No attribution required.

Runtime requirements

OS: macOS · Linux · Windows
Bins: node, npm
Env: SIMLI_API_KEY, ELEVENLABS_API_KEY

Config example

Starter config for this plugin bundle.

SIMLI_API_KEY=your-simli-api-key
ELEVENLABS_API_KEY=your-elevenlabs-api-key

SKILL.md

Avatar Skill

Interactive AI avatar interface for OpenClaw with real-time lip-synced video and text-to-speech.

Features

  • Voice Responses: Speaks conversational summaries using ElevenLabs TTS
  • Visual Avatar: Realistic lip-synced video via Simli
  • Detail Panel: Shows formatted markdown alongside spoken responses
  • Multi-language: Supports multiple languages for speech and TTS
  • Slack/Email: Forward responses to Slack DMs or email (when configured)
  • Stream Deck: Optional hardware control with Elgato Stream Deck

Setup

  1. Get API keys:

  2. Set environment variables:

    export SIMLI_API_KEY=your-key
    export ELEVENLABS_API_KEY=your-key
    
  3. Start the avatar:

    openclaw-avatar
    
  4. Open http://localhost:5173

Response Format

When responding to avatar queries, use this format:

<spoken>
A short conversational summary (1-3 sentences). NO markdown, NO formatting. Plain speech only.
</spoken>
<detail>
Full detailed response with markdown formatting (bullet points, headers, bold, etc).
</detail>

Guidelines

  1. spoken: Brief, natural, conversational. This is read aloud.
  2. detail: Comprehensive information with proper markdown.
  3. Always include both sections.

Example

User: "What meetings do I have today?"

<spoken>
You have three meetings today. Your first one is a team standup at 9 AM, then a product review at 2 PM, and finally a 1-on-1 with Sarah at 4 PM.
</spoken>
<detail>
## Today's Meetings

### 9:00 AM - Team Standup
- **Duration**: 15 minutes
- **Attendees**: Engineering team

### 2:00 PM - Product Review
- **Duration**: 1 hour
- **Attendees**: Product, Design, Engineering leads

### 4:00 PM - 1:1 with Sarah
- **Duration**: 30 minutes
- **Notes**: Follow up on project timeline
</detail>
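As an added example (not code from the openclaw-avatar package), a validator for the spoken/detail format above that a gateway or server could run on a model reply before handing the spoken part to TTS; the function names and the constructed sample reply are assumptions for this illustration.

```javascript
// Added example (not part of the openclaw-avatar package): validates an assistant
// reply against the <spoken>/<detail> format above before the spoken part reaches
// TTS: each tag exactly once, both bodies non-empty, no markdown in <spoken>.

const MARKDOWN_PATTERNS = [
  /^\s{0,3}#{1,6}\s/m,       // headers such as "## Today's Meetings"
  /(\*\*|__)[^*_\n]+\1/,     // bold
  /^\s*[-*+]\s+/m,           // bullet list items
  /`[^`\n]+`/,               // inline code
  /\[[^\]\n]+\]\([^)\n]+\)/, // links
];

// Returns {ok:true, body} for exactly one well-ordered <tag>...</tag> pair.
function extractSection(text, tag) {
  const open = `<${tag}>`, close = `</${tag}>`;
  const opens = text.split(open).length - 1;
  const closes = text.split(close).length - 1;
  if (opens !== 1 || closes !== 1) {
    return { ok: false, error: `expected one <${tag}> section, found ${opens}/${closes} tags` };
  }
  const start = text.indexOf(open) + open.length;
  const end = text.indexOf(close);
  if (end < start) return { ok: false, error: `</${tag}> precedes <${tag}>` };
  return { ok: true, body: text.slice(start, end).trim() };
}
// Sentence count for the "1-3 sentences" guideline (reported, not enforced).
function countSentences(s) {
  return s.split(/[.!?]+(?:\s+|$)/).filter((p) => p.trim().length > 0).length;
}

function parseAvatarResponse(text) {
  const spoken = extractSection(text, 'spoken');
  if (!spoken.ok) return spoken;
  const detail = extractSection(text, 'detail');
  if (!detail.ok) return detail;
  if (!spoken.body || !detail.body) return { ok: false, error: 'empty section' };
  const md = MARKDOWN_PATTERNS.find((re) => re.test(spoken.body));
  if (md) return { ok: false, error: `markdown in <spoken>: ${md}` };
  return { ok: true, spoken: spoken.body, detail: detail.body, sentences: countSentences(spoken.body) };
}

// Constructed sample input, taken from the meetings example in this SKILL.md.
const SAMPLE_REPLY = `<spoken>
You have three meetings today. Your first one is a team standup at 9 AM, then a product review at 2 PM, and finally a 1-on-1 with Sarah at 4 PM.
</spoken>
<detail>
## Today's Meetings
- **Duration**: 15 minutes
</detail>`;
console.log(parseAvatarResponse(SAMPLE_REPLY).ok);
```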

Session Key

Avatar responses use session key: agent:main:avatar

Files

17 total
