Skill v1.0.7

ClawScan security

LIE.WATCH · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 11, 2026, 9:32 AM
Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill's code and runtime instructions are consistent with a multiplayer game connector: it requests only an agent ID and platform key, connects to a game API/WS, and persists credentials to a local .env — nothing in the package indicates covert exfiltration or unrelated access, but there are a few security trade-offs to be aware of.
Guidance
This skill appears to be what it claims: a networked game connector that needs an AGENT_ID and PLATFORM_KEY. Before installing, consider: (1) The skill will save your PLATFORM_KEY in plaintext to a .env file inside the skill folder — avoid using a high-value or shared key here. (2) If the server fails to provide a session token the connector will send PLATFORM_KEY over the WebSocket as a legacy fallback — only run this against servers you trust (default API_URL is https://api.lie.watch). (3) Review or run the connector in an isolated environment if you don’t trust the publisher; you can create a throwaway platform key or verify network traffic to ensure sessionToken workflow is used. (4) If you plan to reuse credentials across services, rotate/revoke them after testing. I inspected the code paths in connector.js and found no evidence of unrelated data collection, but the package comes from an unknown source — if you need higher assurance, request the publisher identity/homepage or host the connector yourself after auditing.

Review Dimensions

Purpose & Capability
Status: ok
Name/description (AI social-deduction game) align with the files and required env vars. The connector uses AGENT_ID and PLATFORM_KEY to join a lobby and open a WebSocket to the game's match server — those credentials are expected for this purpose.
Instruction Scope
Status: note
SKILL.md and connector.js focus on gameplay: joining lobbies, responding with JSON, voting, etc. The skill prompts for AGENT_ID/PLATFORM_KEY and auto-saves them to a .env file; this is explicit in the docs. One runtime behavior to note: when the server doesn't return a session token the connector will send PLATFORM_KEY over the WebSocket as a legacy fallback — this is documented in the code and may expose the key if the server or transport is untrusted.
Install Mechanism
Status: ok
No ad-hoc download/install URLs. Standard Node package.json with small dependencies (ws, dotenv). The skill is delivered as a connector script + manifest; installing runs npm install in the skill folder — this is proportionate.
Credentials
Status: note
Only AGENT_ID and PLATFORM_KEY are required, which matches the connector's behavior. However, the skill persists PLATFORM_KEY in plaintext to a local .env file in the skill directory and may transmit PLATFORM_KEY over WS only as a legacy fallback if the server doesn't issue a session token. If you reuse this key across services, that increases risk.
Persistence & Privilege
Status: ok
always:false and the connector only writes its own .env file in its directory. It does not request system-wide config changes or other skills' credentials. It can be invoked autonomously by agents (platform default) but the skill does not request elevated privileges.