Is dongping-chen/clawatar safe?
https://github.com/openclaw/skills/tree/main/skills/dongping-chen/clawatar
Clawatar is a legitimate VRM avatar viewer skill that provides 3D character visualization with animations and TTS capabilities. The main security concern is execution of external Node.js code during installation, though monitoring showed normal behavior. The skill appropriately implements local server architecture for avatar control.
Findings (3)
MEDIUM External Node.js Code Execution -40
The skill downloads and executes external JavaScript code from the GitHub repository 'Dongping-Chen/Clawatar' via npm install. While monitoring showed normal behavior, the package.json contents were not fully visible, creating a potential supply chain risk.
LOW Third-party API Key Access -15
The skill requires access to ElevenLabs API keys for text-to-speech functionality, either from environment variables or OpenClaw configuration files. This is legitimate for the stated functionality but represents credential access.
INFO Local Server Components -10
The skill runs a local web server (port 3000) and a WebSocket server (port 8765) for the avatar control interface. This is appropriate for the VRM avatar viewer functionality.