Avatar Cog

Security checks across malware telemetry and agentic risk

Overview

This appears to be a coherent digital-clone skill, but it needs Review because it stores and reuses chat logs, voice samples, and optional images to create persistent personas.

Install only if you intentionally want persistent digital-clone functionality. Use only chat logs, voices, and images you have permission to use, do not use it for impersonation or deception, review where the skill stores character data, and avoid changing OpenClaw timeout defaults unless you understand the effect.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The manifest description is written as broad marketing/invocation language and does not clearly bound when the skill should be used. In agent ecosystems, this can cause over-triggering or inappropriate selection for loosely related requests, which is riskier here because the skill enables persistent persona creation, image handling, and voice cloning.

Missing User Warnings

High

Confidence: 98% confidence
Finding: The skill promotes voice cloning and account-level persistent avatars across chats without prominent warnings about consent, impersonation, retention, and cross-chat reuse of uploaded likeness/voice data. This is especially dangerous because users may provide third-party voice or image samples, and persistent storage across all chats increases privacy, misuse, and unauthorized impersonation risks.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal