← Back to Skills Marketplace
S2-Digital-Avatar
by
MilesXiang
· GitHub ↗
· v1.0.1
· MIT-0
212
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install s2-digital-avatar
Description
Middleware enforcing digital avatar mandates by intercepting unauthorized AI actions, pausing sensitive requests for local LLM judgment, and emailing audit a...
Usage Guidance
This skill is plausibly what it says, but exercise caution before installing and running:
- External dependency: SKILL.md requires a Mandate (avatar_identity.json) from a different skill ('s2-digital-avatar') but that dependency is not declared — ensure you actually have a trusted source for that file and inspect it before use.
- Credential handling: The skill asks for an SMTP 'app password' and stores it unencrypted in smtp_config.json in the current working directory. If you proceed, consider using a dedicated mailbox with an app password, or modify the code to store credentials securely (OS keyring / encrypted store) and avoid committing that directory to backups or source control.
- Code correctness: The Python contains an inconsistency: the system check looks for a 'mandate' key in avatar_identity.json but later the code uses avatar_data['identity']['avatar_id']. This mismatch can cause runtime errors or unexpected OFFLINE behavior. Review and test the code in a safe environment before trusting it for production enforcement.
- High-impact instruction: The skill provides an 'override' prompt and explicitly tells you to inject it into subordinate agents' system prompts. That gives those other agents a behavior constraint; do this only for agents you control and after understanding the consequences.
- LLM availability fallback: If the local LLM (localhost:1234) is down, the middleware DENIES everything (failsafe). That prevents actions but can break legitimate workflows — test the LLM connectivity and consider how denials affect availability.
If you decide to try it: run the skill in an isolated/test environment first, review the avatar_identity.json content, verify local-LM connectivity, and consider updating the code to avoid plaintext credential storage and to fix the JSON key inconsistency. If you are not comfortable inspecting or modifying the Python, treat this as untrusted and do not install.
Capability Analysis
Type: OpenClaw Skill
Name: s2-digital-avatar
Version: 1.0.1
The skill functions as a 'security middleware' that collects and stores sensitive SMTP credentials (including email app passwords) in a local plaintext JSON file (smtp_config.json) to send automated alerts. It also provides a 'Grid Override' prompt designed to subordinate other AI agents to its own decision-making logic. While the code appears to function as described without clear evidence of exfiltration to a third party, the handling of plaintext credentials and the implementation of control-oriented prompt injection patterns against other agents are high-risk behaviors. Files: skill.py, SKILL.md.
Capability Assessment
Purpose & Capability
The name/description (authorization middleware that pauses sensitive actions, queries a local LLM, and emails alerts) aligns with the code and SKILL.md: it calls a local LLM, sends SMTP emails, and stores local files. However the SKILL.md says you must first generate a Mandate using a separate skill ('s2-digital-avatar') — that external dependency is not declared in the manifest or registry metadata. Also manifest and registry versions differ (manifest v1.1.0 vs registry v1.0.1). These omissions are implementation sloppiness that reduce transparency.
Instruction Scope
SKILL.md directs the agent/operator to configure SMTP credentials, ensure an avatar_identity.json exists, call a local LLM at http://localhost:1234, and to inject an 'S2 GRID OVERRIDE' string into OpenClaw's system prompt to force subordinate agents to seek approvals. The code reads/writes local files (smtp_config.json, avatar_identity.json, audit_logs.json) and will call the local LLM. Asking the user to modify other agents' system prompts grants this skill (via human action) broad control over subordinate agents; this is within purpose but high-impact and should be done deliberately. The instructions also rely on files/keys that are referenced inconsistently in the code (see below).
Install Mechanism
No install spec; skill is instruction + a Python file. There is no external download or package installation. This minimizes delivery risk, but the provided Python code will be executed by the agent runtime if invoked.
Credentials
The skill requests SMTP credentials interactively and saves them to smtp_config.json in the working directory. Requesting SMTP credentials is proportionate to the stated purpose (alert emails), but storing an app password in plaintext on disk is a sensitive persistence choice and not documented as optional. It also expects an avatar_identity.json generated by another skill; that external credential/authority material is not declared in manifest fields. No other unrelated credentials are requested.
Persistence & Privilege
The skill creates and persists a local directory (s2_middleware_data) and JSON files (smtp_config.json, audit_logs.json) in the current working directory. It does not request always:true or modify other skills' configs programmatically, but it instructs the operator to inject an override into other agents' system prompts — this is a manual but high-privilege action. The code also implements a fail-safe: if the local LLM is unreachable, it DENIES all requests, which has availability/operational effects.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install s2-digital-avatar - After installation, invoke the skill by name or use
/s2-digital-avatar - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
## s2-digital-avatar v1.0.1
- No changes detected in files or documentation for this version.
- Version number updated only; functionality and documentation remain the same.
v1.0.0
s2-digital-avatar v1.0.0
- Initial release of S2-Avatar-Middleware: a gatekeeper layer for digital avatar permissions.
- Bilingual documentation (English / 中文) for broader accessibility.
- Enforces strict pre-flight checks: requires a valid avatar mandate and configured SMTP email for audit alerts.
- Suspends sensitive agent actions for local avatar (LLM) judgment, enforcing defined laws and personal preferences.
- Designed to enhance safety and user control over autonomous agent behavior.
Metadata
Frequently Asked Questions
What is S2-Digital-Avatar?
Middleware enforcing digital avatar mandates by intercepting unauthorized AI actions, pausing sensitive requests for local LLM judgment, and emailing audit a... It is an AI Agent Skill for Claude Code / OpenClaw, with 212 downloads so far.
How do I install S2-Digital-Avatar?
Run "/install s2-digital-avatar" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is S2-Digital-Avatar free?
Yes, S2-Digital-Avatar is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does S2-Digital-Avatar support?
S2-Digital-Avatar is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created S2-Digital-Avatar?
It is built and maintained by MilesXiang (@spacesq); the current version is v1.0.1.
More Skills