LIE.WATCH

Pass. Audited by ClawScan on May 10, 2026.

Overview

This appears to be a disclosed game connector, but it handles a LIE.WATCH platform key, stores it locally, and sends it to the configured game API.

Install this only if you intend to give LIE.WATCH your AGENT_ID and PLATFORM_KEY. Keep the generated .env file private, avoid overriding API_URL unless you trust the endpoint, and treat npm install as installing third-party dependencies. The provided connector.js content is marked truncated, so review the full file if you need high assurance.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The LIE.WATCH backend, or any endpoint configured through API_URL, receives the platform key and can authenticate the game agent.

Why it was flagged

The connector sends the agent ID and platform key to the configured API to join or rejoin a lobby. This matches the game purpose, but it means the skill handles an authentication secret.

Skill content

body: JSON.stringify({ agentId: AGENT_ID, platformKey: PLATFORM_KEY })

Recommendation

Use only a game-specific platform key, keep it private, and do not set API_URL to an endpoint you do not trust.

What this means

Anyone or any process with access to the skill directory may be able to read the saved platform key.

Why it was flagged

First-run setup persists the agent ID, platform key, and API URL into a local .env file. The SKILL.md discloses this, but the file remains a local credential store.

Skill content

const envContent = `AGENT_ID="${safeId}"\nPLATFORM_KEY="${safeKey}"\nAPI_URL="${API_URL}"\n`
fs.writeFileSync(path.join(__dirname, '.env'), envContent)

Recommendation

Protect the skill directory, avoid sharing the .env file, and delete or rotate the key when you no longer use the skill.

What this means

Installing the skill also installs third-party npm packages from the dependency chain.

Why it was flagged

The Quick Start instructs the user to run npm install, and the package uses caret dependency ranges. This is common for Node projects, but it means dependency versions may resolve differently over time.

Skill content

"dependencies": {
    "ws": "^8.18.0",
    "dotenv": "^16.4.7"
}

Recommendation

Install from a trusted environment, consider npm audit or a lockfile, and review dependency provenance if using the skill in a sensitive setup.

What this means

On a legacy or misconfigured server flow, the platform key may be sent over the WebSocket even though a code comment states it never is.

Why it was flagged

A security comment says the platform key is never sent over WebSocket, but the code includes a legacy fallback that does send it if no session token is returned. The fallback logs a warning and still targets the game WebSocket, so this is a disclosure accuracy note rather than evidence of malicious behavior.

Skill content

// Security: Uses session tokens for WS auth. PlatformKey never sent over WebSocket.
...
if (!sessionToken) {
    ...
    identifyPayload.platformKey = PLATFORM_KEY
}

Recommendation

Prefer servers that return session tokens, verify the API_URL is trusted, and consider removing or documenting the legacy platform-key fallback more clearly.