To help people who are less technically inclined (and who do not want to install CC and unity, and go through the non-trivial upload process) install avatars to their account, especially avatars that were customized by a third party, it would be useful for there to be a feature in the SDK where you could export an avatar to a binary file (perhaps digitally signed by the vrchat user who exported the avatar, for accountability purposes, and perhaps encrypted), which could then be passed to a regular VRChat user, who can then upload that exported avatar binary to their account via the web portal. Server process then validates the signature, the data, and if good, installs the avatar in their list of uploaded avatars.

This would have the following benefits:

1) Users who contract avatar customization to third parties do not have to (against the rules) give their login info to these third parties in order to upload the avatar to the user's account. They can receive the export binary from the contractor, and upload it themselves via the web portal.

2) Avatar makers could prepare a binary -- and perhaps an enhancement of the upload process, may be to upload texture replacements along with the signed binary. This would give avatar vendors the ability to ship "a basic avatar" which can have basic user customizations without needing any unity knowledge.

Existing avatars can be updated by associating the upload with an existing avatar id that belongs to your account.

The export process should still involve a temporary upload to VRChat servers, which validate the avatar, sign it with a key associated with the exporting user, attach any other useful and relevant metadata, and encrypt it (with a key that only VRChat has) in order to prevent the export from being exploited as means to share avatar assets with unlicensed parties (that is, prevent disassembly for the purpose of extracting avatar assets). VRChat transmits the signed and encrypted binary back to the user's SDK process, which saves the file to disk. Certain metadata (such as texture files flagged as swappable) can be exposed without encryption, to designate customization options as part of the user upload process.