ClawHub

Agent Avatar Manager

Security checks across malware telemetry and agentic risk

Overview

The skill’s avatar-changing purpose is coherent, but it persists a Freepik API key in a general workspace file and makes lasting identity changes with incomplete disclosure.

Review before installing. Use it only if you are comfortable with persistent changes to your OpenClaw identity and third-party image/API requests. Avoid pasting a Freepik API key unless you understand where it will be saved; prefer an environment variable or dedicated secret store, and delete or rotate any key that was written to TOOLS.md.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The skill expands scope from avatar management into credential storage by instructing the agent to persist a user-provided Freepik API key in TOOLS.md. Persisting secrets in a general workspace file increases the chance of unintended disclosure to other skills, logs, sync mechanisms, or future prompts that read project files.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README states that a pasted Freepik API key is automatically saved to TOOLS.md for future use, but it does not clearly warn users that a secret will be persisted to disk. Persisting credentials without explicit informed consent increases the risk of accidental exposure through file syncing, repository commits, workspace sharing, or other local access to the workspace files.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill description says it auto-saves files and updates IDENTITY.md, but it does not clearly warn that it will modify workspace state and agent configuration when invoked. This can lead users to trigger persistent file writes and identity changes without informed consent, especially from a natural-language phrase like 'change avatar'.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The skill does not clearly disclose that user descriptions, search terms, image URLs, and downloaded content may be sent to Freepik or arbitrary remote hosts. This creates a privacy and data-handling risk because users may unknowingly expose personal preferences, internal avatar URLs, or other sensitive metadata to third parties.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal