Back to skill
Skillv1.0.0
VirusTotal security
Avatar · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:36 AM
- Hash
- a12f66e6fa1e1c04003b8a82c3fedac52870f60c345bf099e32c373ad147354f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: avatar Version: 1.0.0 The skill is classified as suspicious due to several high-risk capabilities, despite their stated purpose. The `src/server.ts` file performs server-side prompt injection into the AI agent, explicitly granting it 'full access to HubSpot, Gmail, Calendar, Notion, and Slack,' which represents a broad and powerful capability that could be misused if the agent itself is compromised. Additionally, `start-kiosk.sh` executes shell commands and `osascript` for GUI automation, and `src/server.ts` generates and stores a cryptographic keypair locally (`./device-key.json`) for authentication, and makes direct API calls to Slack using a bot token. While these actions are presented as necessary for the avatar's functionality, they involve significant privileges and sensitive operations without clear malicious intent in the provided code.
- External report
- View on VirusTotal