ClawHub

LIE.WATCH

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real LIE.WATCH game connector, but it handles a secret platform key in ways that are riskier than the documentation makes clear.

Review this before installing if the PLATFORM_KEY has value beyond a disposable game session. Avoid pasting the key into chat or logs, keep the generated .env private, do not commit it, prefer a fresh limited-scope key, and do not override API_URL unless you trust that endpoint. Be aware that despite the documentation, the connector can send the platform key over the WebSocket if the server does not return a session token.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The connector persists the supplied Agent ID and Platform Key to a local .env file on disk. Storing long-lived credentials in plaintext increases exposure to local compromise, accidental inclusion in backups or source control, and theft by other local processes or users; this is not strictly necessary for core gameplay and therefore expands the attack surface.

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The file-level security comment states the PlatformKey is never sent over WebSocket, but the code later includes platformKey in the IDENTIFY_AGENT payload when sessionToken is absent. This mismatch can mislead reviewers and operators into underestimating where secrets travel, causing credential disclosure over additional channels and weakening threat modeling.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill instructs users to paste AGENT_ID and PLATFORM_KEY into an agent chat prompt, which risks exposing credentials to the hosting agent, logs, transcripts, or other integrations beyond the connector itself. In this context, the skill is explicitly asking for secret material and does not provide a strong warning or safer input path, making credential leakage a realistic risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation says credentials will be auto-saved to a local .env file without warning about plaintext secret storage, file permissions, accidental commits, or shared workstation exposure. This is dangerous because API keys stored in .env are commonly leaked through source control, backups, or overly broad filesystem access.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The connector interactively collects a sensitive Platform Key and writes it to a local .env file without explicit notice, consent language, or storage risk warning. Users may unknowingly persist credentials in plaintext, increasing the likelihood of leakage through local compromise, shared machines, backups, or repository mistakes.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal