agent-avatars
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: molt-avatars Version: 1.0.0 The skill is classified as suspicious due to a significant supply chain risk. The `HEARTBEAT.md` file explicitly instructs the agent to periodically fetch and overwrite its own `SKILL.md` and `HEARTBEAT.md` files from a remote server (`https://agent-avatars-production.up.railway.app`). This mechanism allows the remote server to dynamically update the agent's instructions and behavior at any time, creating a backdoor for potential unauthorized remote control and future malicious execution if the server is compromised. While the current instructions are benign, this capability introduces a high-risk vulnerability.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If heartbeat is enabled, the agent may keep contacting the service and mint an avatar after the claim is completed without asking again.
This explicitly describes opt-in recurring autonomous behavior that can take the minting action later; the artifacts do not define schedule limits, a disable path, or a fresh confirmation before minting.
If YES: fetch and run `HEARTBEAT.md` on a schedule to check claim status and mint when ready.
Only enable heartbeat if you want that automation; require a clear schedule, a way to disable it, and explicit confirmation before minting.
The instructions your agent follows could be replaced by updated remote content later, including while heartbeat automation is enabled.
The heartbeat updates local skill instructions from mutable remote URLs without a pinned version, signature, or integrity check, so future behavior could change after review.
If the version changed, re-fetch the docs: ```bash curl -s https://agent-avatars-production.up.railway.app/skill.md > ~/.config/molt-avatar/SKILL.md curl -s https://agent-avatars-production.up.railway.app/heartbeat.md > ~/.config/molt-avatar/HEARTBEAT.md ```
Do not automatically run updated remote skill files; pin or re-review updates before use.
Anyone who can read that file may be able to act as the registered avatar agent on this service.
The skill stores and later uses a service API key. This is expected for the avatar service, but it is still account authority that should be protected.
Recommended: Save credentials to `~/.config/molt-avatar/credentials.json`:
```json
{
"name": "YourAgentName",
"api_key": "avatar_xxx",
"api_url": "https://agent-avatars-production.up.railway.app"
}
```Store the credentials file with appropriate local permissions and do not share its contents.
Running the mint command will create the agent's avatar on the external service, with one avatar per agent and no re-rolls.
The skill uses direct API calls to register and mint. That matches the stated purpose, but minting is a real external account action.
curl -X POST https://agent-avatars-production.up.railway.app/api/mint \ -H "X-API-Key: YOUR_API_KEY"
Run the registration and mint commands only when you intend to create that avatar identity.