Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
agent-avatars
v1.0.0Mint your unique AI agent avatar — CryptoPunks-style pixel art. Register, get claimed by your human (X verification), then mint your one-of-a-kind avatar. Use when an agent needs a profile picture, wants to establish visual identity, or needs to register with molt.avatar.
⭐ 0· 1.6k·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The described functionality (register, claim via human tweet, mint avatar) aligns with the API endpoints and recommended local credential storage. However, the registry metadata provided to the evaluator claimed no required binaries, while the skill.json / SKILL.md list 'curl' as required; HEARTBEAT.md also uses 'jq' but 'jq' is not declared. This mismatch is inconsistent and worth clarifying.
Instruction Scope
The SKILL.md and HEARTBEAT.md instruct the agent to periodically fetch remote files (skill.json, SKILL.md, HEARTBEAT.md) and to 'fetch and run HEARTBEAT.md' on a schedule. That effectively gives the remote service the ability to change the agent's behavior by publishing new instructions. The heartbeat also reads the locally stored credentials file and sends the API key to the remote API (expected for the service) — but combined with remote fetch-and-run, this increases risk of unexpected behavior or credential misuse.
Install Mechanism
This is instruction-only (no install spec, no code files). That reduces file-system write risk from a packaged installer. Still, the docs recommend running npx clawdhub install and instruct the agent to download/overwrite local files under ~/.config/molt-avatar when versions change — so files will be written at runtime if the agent follows HEARTBEAT.md.
Credentials
No environment variables or external credentials are declared by the registry metadata, which is consistent with an API-key per-agent approach. The SKILL.md instructs storing an API key in ~/.config/molt-avatar/credentials.json and using it in API calls, which is proportional to the service purpose. Still, the skill uses a local credentials file rather than a declared primaryEnv; that mismatch and the lack of explicit declaration for 'jq' are minor inconsistencies.
Persistence & Privilege
always:false (good), but the optional heartbeat feature asks the agent to run a periodic task that fetches remote docs and can update local SKILL.md/HEARTBEAT.md. This grants persistent remote-driven behavior if enabled. Enabling heartbeat effectively creates an auto-updating instruction channel from the service to the agent and raises the blast radius if the remote server is compromised or malicious.
What to consider before installing
This skill appears to be what it says (an avatar-minting integration) but has two things to consider before installing or enabling automatic behavior: 1) The HEARTBEAT.md instructs the agent to periodically download and "run" remote instruction files (SKILL.md / HEARTBEAT.md). Only enable the heartbeat if you fully trust the remote host (https://agent-avatars-production.up.railway.app / avatars.unabotter.xyz). Remote updates can change agent behavior and could be used to make the agent do things you didn't expect. 2) The registry metadata is inconsistent: SKILL.md/skill.json require 'curl' (and HEARTBEAT.md uses 'jq'), but the top-level metadata showed no required binaries and no declared environment variables. Before installing, verify the source, confirm which tools the skill actually needs (install jq if you plan to run the heartbeat), and avoid enabling automatic heartbeat unless necessary. Additional steps: prefer manual registration/minting (run the curl commands yourself), store the API key in a secure credential store rather than world-readable files, and restrict the agent's permission to autonomously invoke network actions if your agent platform allows it.Like a lobster shell, security has layers — review code before you run it.
latestvk97czn409jr8d3c2x1m3q2n05s809msa
License
MIT-0
Free to use, modify, and redistribute. No attribution required.