Back to plugin

Security audit

Avatar

Security checks across malware telemetry and agentic risk

Overview

Avatar appears to be a legitimate video-avatar plugin, but it runs local helper code and uses your OpenClaw, LemonSlice, and LiveKit credentials and audio.

Install only if you trust the publisher and the LemonSlice/LiveKit data flow. Prefer a pinned or ClawHub version, use dedicated revocable API keys, protect your OpenClaw config and gateway token, and avoid sensitive conversations unless you are comfortable with the external provider processing.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.exposed_secret_literal

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
dist/avatar/index.js:3695
Evidence
const next = spawn(activeLaunchCommand.executable, activeLaunchCommand.args, {

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
dist/avatar/sidecar-process-control.js:51
Evidence
execFile(file, args, { encoding: "utf8", maxBuffer: 1024 * 1024 }, (error, stdout) => {

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
dist/avatar/avatar-agent-runner.js:19
Evidence
const value = process.env[name]?.trim();

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/avatar/avatar-agent-runner.js:1367
Evidence
apiKey: [REDACTED],

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/avatar/gateway-auth.js:47
Evidence
const password = [REDACTED](normalizedSettings.password, {

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/avatar/index.js:678
Evidence
...([REDACTED] !== undefined ? { apiKey: [REDACTED] } : {}),

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
web/app.js:3752
Evidence
apiKey: [REDACTED](setup?.lemonSlice?.apiKey, setup?.lemonSlice?.apiKeyConfigured),