Avatar Runtime

Pass

Audited by ClawScan on May 1, 2026.

Overview

The skill is purpose-aligned for running an avatar runtime, but it depends on executing an external npm package and may pass provider API keys, so users should verify it before use.

Before installing, verify the avatar-runtime npm package and repository, run the first test in a sandbox, inspect any helper scripts that download assets, and avoid exposing provider API keys in shared environments.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running the skill can execute local Node/npm/curl/bash commands on the user's machine.

Why it was flagged

The skill grants the agent the local command tools it needs to start and control the avatar runtime. Each pattern ends in `:*`, however, so the grant covers any arguments to node, curl, npm and bash, not only the invocations the runtime needs; misused, the same tools can download and run arbitrary code.

Skill content
allowed-tools: Bash(node:*) Bash(curl:*) Bash(npm:*) Bash(bash:*)

Recommendation

Approve each command on its own merits rather than blanket-allowing the tool patterns, run from a controlled project directory, and prefer a sandbox for first use.

What this means

If the npm package or referenced helper scripts are compromised or different from what the user expects, local code could run with the user's permissions.

Why it was flagged

The runtime is fetched from npm rather than reviewed as bundled code, so package provenance and version selection matter.

Skill content
This skill contains **no bundled server code** — it instructs the agent to download and execute the `avatar-runtime` npm package via `npx` at runtime.

Recommendation

Verify the npm package and repository, pin a trusted version where possible, and follow the skill's own advice to inspect scripts and sandbox first.
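The checks below are an added example, not code from the ClawScan report or from the avatar-runtime skill. They script the "verify and pin" recommendation: refuse to run a package spec that is not pinned to an exact version, and list the install-time lifecycle scripts a package.json declares, since those run with the user's permissions the first time `npx` downloads the package. The helper names, the version `1.2.3` and the sample manifest are constructed for illustration; only the package name `avatar-runtime` comes from the page.

```shell
# Added example (not code from the ClawScan report or the avatar-runtime skill).
# Helper names, the version 1.2.3 and the sample manifest are constructed.

# Return 0 only for name@MAJOR.MINOR.PATCH (scoped names allowed). Tags such as
# @latest, ranges such as ^1.2.0, pre-releases and a bare name all return 1;
# a bare name resolves to whatever "latest" is on the day the agent runs it.
is_pinned_spec() {
  local spec version major rest minor patch part
  spec=$1
  case "$spec" in
    *@*) ;;
    *) return 1 ;;
  esac
  version=${spec##*@}
  major=${version%%.*}
  rest=${version#*.}
  minor=${rest%%.*}
  patch=${rest#*.}
  for part in "$major" "$minor" "$patch"; do
    case "$part" in
      ''|*[!0-9]*) return 1 ;;
    esac
  done
  [ "$version" = "$major.$minor.$patch" ]
}

# Print the install-time lifecycle script names found in a package.json
# (space separated, sorted). This is a grep, not a JSON parser: a dependency
# literally named "install" would also match, so confirm hits against the
# "scripts" object by eye.
install_scripts_in() {
  grep -Eo '"(preinstall|install|postinstall|prepare)"[[:space:]]*:' "$1" \
    | sed 's/["[:space:]:]//g' | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# Constructed sample manifest, not the real avatar-runtime package.json: a
# package whose postinstall and prepare hooks fetch assets and run a script.
write_sample_manifest() {
  cat > "$1" <<'EOF'
{
  "name": "example-runtime",
  "version": "1.2.3",
  "scripts": {
    "start": "node server.js",
    "postinstall": "node scripts/fetch-assets.js",
    "prepare": "bash ./setup.sh"
  }
}
EOF
}

# Online steps (not run in the offline demo): resolve the pinned spec against
# the registry, download the exact tarball into a scratch directory and inspect
# its manifest before letting the agent run `npx "$spec"`.
verify_package_online() {
  local spec scratch
  spec=$1
  scratch=$2
  is_pinned_spec "$spec" || { echo "refusing unpinned spec: $spec" >&2; return 1; }
  npm view "$spec" repository.url dist.integrity dist.tarball
  npm pack "$spec" --pack-destination "$scratch"
  tar -xzf "$scratch"/*.tgz -C "$scratch"
  echo "install-time scripts: $(install_scripts_in "$scratch/package/package.json")"
}

# Offline demo on the constructed manifest.
demo_manifest=$(mktemp)
write_sample_manifest "$demo_manifest"
echo "install-time scripts in sample: $(install_scripts_in "$demo_manifest")"
rm -f "$demo_manifest"
```

Once `verify_package_online avatar-runtime@1.2.3 ./scratch` (version a placeholder) shows the repository URL you expect and no surprising hooks, invoke the runtime as `npx avatar-runtime@1.2.3` rather than bare `npx avatar-runtime`, so the agent runs the code you inspected and not whatever the registry serves as latest later.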

What this means

Provider API keys could be exposed through shell history, process environments, logs, or shared machines if handled carelessly.

Why it was flagged

The skill may use third-party provider API keys. This is disclosed and related to avatar provider integrations, but credentials require careful handling.

Skill content
`HEYGEN_API_KEY` and `KUSAPICS_API_KEY` are passed as environment variables directly to `npx avatar-runtime`.

Recommendation

Use least-privileged keys, avoid shared shells or logs, and unset or rotate keys after testing if exposure is possible.
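The helper below is an added example, not code from the ClawScan report or the avatar-runtime skill. It supplies `HEYGEN_API_KEY` and `KUSAPICS_API_KEY` to a child process from a private key file, so the values are never typed on a command line (shell history, `ps`), never exported into the calling shell, and are gone when the child exits. The key file format, the helper names and the sample key values are constructed for illustration; the two variable names are the ones the skill passes.

```shell
# Added example (not code from the ClawScan report or the avatar-runtime skill).
# Key file format, helper names and sample values are constructed.

# Columns 5-10 of `ls -l` are the group and other permission bits; refuse any
# key file that another account on a shared machine could read.
keyfile_is_private() {
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Accept only NAME=value lines whose value is made of key-safe characters, so
# nothing in the file can be interpreted by the shell.
keyfile_is_well_formed() {
  ! grep -Evq '^[A-Z_][A-Z0-9_]*=[A-Za-z0-9._/+=-]*$' "$1"
}

# Run a command with the file's variables exported in a subshell only: the
# caller's environment is untouched and the values never appear in argv.
run_with_provider_keys() {
  local keyfile line
  keyfile=$1
  shift
  [ $# -gt 0 ] || { echo "usage: run_with_provider_keys KEYFILE COMMAND..." >&2; return 2; }
  keyfile_is_private "$keyfile" || { echo "refusing: $keyfile is group/world readable" >&2; return 2; }
  keyfile_is_well_formed "$keyfile" || { echo "refusing: $keyfile has lines that are not NAME=value" >&2; return 2; }
  (
    while IFS= read -r line || [ -n "$line" ]; do
      export "$line"            # value is assigned, not re-parsed by the shell
    done < "$keyfile"
    exec "$@"
  )
}

# Count provider keys visible in the current shell's environment. After a run
# through run_with_provider_keys this is still 0, which makes the "unset after
# testing" recommendation automatic for the calling shell.
provider_keys_in_env() {
  env | grep -Ec '^(HEYGEN|KUSAPICS)_API_KEY=' || true
}
```

Typical use is `run_with_provider_keys ~/.config/avatar-runtime/keys npx avatar-runtime@1.2.3` (path and version are placeholders), with the key file created as mode 0600 and containing one `NAME=value` line per key. The child still sees the keys and may log them, so least-privileged keys and rotation after testing remain necessary; this helper only removes the shell-side exposure paths.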