Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Avatar Runtime
v0.2.1Embeds and controls a virtual avatar using the avatar-runtime npm package. Provides Live2D rendering, VRM 3D, vector fallback, and control-driven expression/...
⭐ 0· 354·2 current·2 all-time
byacnlabs@neiljo-gy
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name and description match the instructions: the skill is explicitly an instruction-only wrapper that runs the avatar-runtime npm package via npx and exposes a local HTTP session/control API. Declared runtime requirements (node >= 18, npm, curl, internet access for npx) and optional provider env vars (Live2D, VRM, HeyGen, KusaPics) are coherent with an avatar/renderer integration.
Instruction Scope
The SKILL.md tells the agent/operator to run npx avatar-runtime and provides scripts that download third‑party assets (ensure-default-*.sh). That behavior is expected for a runtime that can load models, but it means the agent will execute remote package code and fetch assets at runtime. The doc correctly warns about inspecting scripts and sandboxing; treat npx execution and asset downloads as sensitive actions (they may perform arbitrary network activity and could access any env vars exposed to the process).
Install Mechanism
There is no install spec; the skill relies on npx to retrieve and execute code from the npm registry at runtime. npx is a common but higher-risk mechanism because it pulls remote code on first run. The SKILL.md points to a GitHub repo to verify, but the runtime still requires internet to fetch packages and assets, so validate and pin the package source/version before trusting it in production.
Credentials
No required env vars are declared; several optional env vars are listed (HEYGEN_API_KEY, KUSAPICS_API_KEY, provider endpoints, etc.) which are plausible for provider integrations. The SKILL.md states these keys are passed to the npx process and warns about logging/exposure — this is appropriate. Users should avoid supplying sensitive production credentials to unverified remote code and should scope keys to least privilege or use dedicated test keys.
Persistence & Privilege
The skill is not always-enabled and is user-invocable. It does not request to change other skills or system-wide config. There is no indication it tries to persist itself beyond running npx or to modify agent-wide settings.
Assessment
This skill is coherent for embedding a virtual avatar, but it executes remote npm code at runtime and will download assets. Before installing or running it: 1) Inspect the referenced repository (https://github.com/acnlabs/avatar-runtime) and pin a specific, audited package version instead of running unpinned npx in production; 2) Run npx avatar-runtime and the sample scripts in an isolated sandbox/container and monitor outbound network connections; 3) Do not provide production API keys—use scoped or test keys, and avoid exposing secrets to the runtime process; 4) Review any setup scripts (ensure-default-*.sh) to see what they download and from where; 5) If you must deploy, vendor the package (install from a known lockfile or build artifacts) rather than relying on live npx fetch; 6) Note Live2D license restrictions on sample models and avoid redistributing those assets in production.Like a lobster shell, security has layers — review code before you run it.
latestvk9765nsch4dw2gx7e3wrp8ym5h82mb82
License
MIT-0
Free to use, modify, and redistribute. No attribution required.