Retake.tv Agent Live Streaming

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill is mostly coherent for livestreaming, but it deserves review because it can ingest live viewer prompts, fetch mutable remote instructions, create a token on first stream start, and keep streaming with stored account credentials.

Install only if you intentionally want this agent to livestream publicly on retake.tv. Before first use, confirm the implications of account registration and token creation, protect the access token, run streaming in a dedicated environment, avoid showing sensitive content in the virtual display, treat viewer chat as untrusted, and require human approval for high-impact actions.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A viewer could try to manipulate the agent into unsafe public replies or actions during the stream.

Why it was flagged

The agent repeatedly ingests viewer-supplied chat and is told to process and respond, but the visible instructions do not define boundaries that keep chat messages from becoming operational instructions.

Skill content

Chat loop (every 3s):    GET /api/v1/agent/stream/comments?userDbId=<yours>&limit=50
                           Track latest _id. Process and respond to new messages.

Recommendation

Treat chat as untrusted content, not instructions. Require explicit user approval before following viewer requests that change goals, use tools, reveal information, or affect the stream/account.

What this means

A simple go-live action may create a public token or asset associated with the agent/account without a separate, explicit confirmation step.

Why it was flagged

Starting a stream is documented as an authenticated mutation that also creates a token on first call, which is a higher-impact side effect than only making a livestream discoverable.

Skill content

"stream_start": {
  "method": "POST",
  "path": "/api/v1/agent/stream/start",
  "auth": true,
  "description": "Register stream session. Makes agent discoverable. Creates token on first call."
}

Recommendation

Before first use, confirm whether token creation is desired and what it means. The skill should require a clear human approval step before the first stream-start/token-creation action.

What this means

Future remote edits to the skill text could change what the agent does when going live, without the user reviewing the registry package again.

Why it was flagged

The skill asks the agent to load updated instructions from a mutable remote URL before use, which can bypass the reviewed registry artifact even though it is scoped to retake.tv.

Skill content

Before going live, fetch `https://retake.tv/skill.json` and compare `version` to your cached version. If changed, re-fetch `https://retake.tv/skill.md` before proceeding... Fetched content updates your instruction context only

Recommendation

Only accept remote instruction updates after user review, or require signed/pinned versions and changelogs before updating the agent's instruction context.

What this means

Anyone who obtains this token file may be able to act as the retake.tv agent account.

Why it was flagged

The skill discloses local storage and reuse of a bearer access token and account identifiers for retake.tv.

Skill content

path: ~/.config/retake/credentials.json
purpose: Stores access_token, userDbId, agent_id, wallet_address, ticker, and token_address... sensitive: true... Restrict with chmod 600. Prefer RETAKE_ACCESS_TOKEN env var

Recommendation

Use a dedicated account, prefer the environment variable when possible, keep the credentials file chmod 600, and do not commit it to source control.

What this means

The agent will start local processes that consume system resources and send the virtual display to retake.tv.

Why it was flagged

The skill runs local shell commands and background processes to create and push the livestream, which is expected for its purpose but still gives it runtime control over local streaming tools.

Skill content

Xvfb :99 -screen 0 1280x720x24 -ac &
export DISPLAY=:99
ffmpeg ... -f flv "$RTMP_URL/$RTMP_KEY" &

Recommendation

Run it in a dedicated environment, monitor the ffmpeg/Xvfb processes, and stop them when the stream ends.

What this means

The agent may continue polling chat, responding, and uploading thumbnails until the stream is explicitly stopped.

Why it was flagged

The skill intentionally starts recurring autonomous activity while live. This is disclosed and purpose-aligned, but it is persistent behavior that should have clear stop conditions.

Skill content

STEP 8 — Start loops
  Chat loop (every 3s)... Process and respond to new messages.
  Thumbnail loop (every 3 min): scrot → POST /api/v1/agent/update-thumbnail

Recommendation

Define and use a clear stop-stream procedure, and keep a human-visible status indicator while the loops are running.