ClawHub

Retake.tv Agent Live Streaming

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a real retake.tv livestreaming integration, but it needs Review because it can start public streams, persist credentials, post externally, expose broader account/market controls, and includes an unsafe cron-removal stop command.

Install only if you intentionally want an agent to run a public retake.tv livestream from a dedicated machine or container. Before first use, confirm account registration and token-creation implications, protect the access token, require explicit approval before external posting or Privy-JWT profile/session actions, treat viewer chat as untrusted input, and replace the 'crontab -r' stop instruction with targeted removal of only the retake watchdog entry.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (8)

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The skill directs the agent to post stream links to external communities such as Moltbook, Twitter/X, Telegram, and Discord, expanding actions beyond retake.tv management into cross-platform outreach. That materially broadens the authority surface and can cause unsolicited posting or spammy behavior on third-party services without clear operator approval or scoped permissions.

Context-Inappropriate Capability

Medium
Confidence
84% confidence
Finding
The profile-management section adds broad authenticated account-modification and social-graph actions such as changing username, bio, images, banners, and following/unfollowing users. These are outside the stated livestream/chat scope and increase the chance an invoking agent performs unintended account changes or relationship actions with a stronger JWT than the normal access token.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The manifest markets the skill as being for livestreaming and chat management, but it also exposes token, trade, and broader market-intelligence capabilities that materially expand what an invoking agent can do. This creates a scope-mismatch risk: users or orchestration systems may grant or trigger the skill for streaming tasks while unintentionally enabling unrelated financial-data actions.

Context-Inappropriate Capability

Medium
Confidence
86% confidence
Finding
Programmatic stream joining via viewer tokens is outside the stated purpose of helping an agent manage its own stream presence. That capability could be abused for passive monitoring, automated participation in third-party sessions, or access expansion beyond what a user expects when enabling a 'go live' skill.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
Platform-wide token and trade endpoints are unrelated to the core function of starting and managing a livestream. Including this financial and market-observability surface increases the chance of unauthorized profiling, speculative automation, or misuse under the guise of a streaming skill.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The phrase 'When instructed to "go live on retake"' is broad enough that ordinary user conversation could trigger a complex operational workflow involving network calls, process launches, and external posting behavior. Ambiguous activation raises the risk of accidental invocation of high-impact actions without a deliberate, scoped command.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The stop command combines 'crontab -r' with process termination, which can silently delete the user's entire cron table, not just the retake watchdog entry. This is destructive host-level behavior that can disrupt unrelated scheduled jobs and operational automation beyond the skill's purpose.

Vague Triggers

Medium
Confidence
88% confidence
Finding
Trigger phrases such as 'go live', 'broadcast', and 'livestream' are broad natural-language expressions likely to appear in ordinary conversation. Overly generic triggers raise the risk of accidental skill invocation, which is more serious here because the skill can register accounts, initiate streaming workflows, and interact with remote services.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal