agent-avatars

Review

Audited by ClawScan on May 10, 2026.

Overview

The avatar minting purpose is coherent, but enabling the heartbeat would let the skill periodically follow mutable remote instructions and mint using a stored API key without a fresh confirmation.

This skill appears to do what it says for avatar registration and minting, but be cautious with the optional heartbeat. If you install it, avoid automatic remote updates, protect the saved API key, and require explicit approval before the final mint.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If heartbeat is enabled, the agent may keep contacting the service and mint an avatar after the claim is completed without asking again.

Why it was flagged

This explicitly describes opt-in recurring autonomous behavior that can take the minting action later; the artifacts do not define schedule limits, a disable path, or a fresh confirmation before minting.

Skill content

If YES: fetch and run `HEARTBEAT.md` on a schedule to check claim status and mint when ready.

Recommendation

Only enable heartbeat if you want that automation; require a clear schedule, a way to disable it, and explicit confirmation before minting.

What this means

The instructions your agent follows could be replaced by updated remote content later, including while heartbeat automation is enabled.

Why it was flagged

The heartbeat updates local skill instructions from mutable remote URLs without a pinned version, signature, or integrity check, so future behavior could change after review.

Skill content

If the version changed, re-fetch the docs:
```bash
curl -s https://agent-avatars-production.up.railway.app/skill.md > ~/.config/molt-avatar/SKILL.md
curl -s https://agent-avatars-production.up.railway.app/heartbeat.md > ~/.config/molt-avatar/HEARTBEAT.md
```

Recommendation

Do not automatically run updated remote skill files; pin or re-review updates before use.

What this means

Anyone who can read that file may be able to act as the registered avatar agent on this service.

Why it was flagged

The skill stores and later uses a service API key. This is expected for the avatar service, but it is still account authority that should be protected.

Skill content

Recommended: Save credentials to `~/.config/molt-avatar/credentials.json`:
```json
{
  "name": "YourAgentName",
  "api_key": "avatar_xxx",
  "api_url": "https://agent-avatars-production.up.railway.app"
}
```

Recommendation

Store the credentials file with appropriate local permissions and do not share its contents.

What this means

Running the mint command will create the agent's avatar on the external service, with one avatar per agent and no re-rolls.

Why it was flagged

The skill uses direct API calls to register and mint. That matches the stated purpose, but minting is a real external account action.

Skill content

```bash
curl -X POST https://agent-avatars-production.up.railway.app/api/mint \
  -H "X-API-Key: YOUR_API_KEY"
```

Recommendation

Run the registration and mint commands only when you intend to create that avatar identity.