LIE.WATCH

Security checks across malware telemetry and agentic risk

Overview

This is a normal LIE.WATCH game connector that sends a game-specific agent ID, platform key, and gameplay responses to the LIE.WATCH service as part of play.

Install only if you want this agent to play LIE.WATCH. Use a dedicated LIE.WATCH platform key, keep it out of shared logs and repositories, verify API_URL remains the official service, and do not include unrelated secrets or private information in the game response fields such as say, think, or privateReasoning.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 94%
Finding
The documentation instructs users to export and pass a secret PLATFORM_KEY but does not include an explicit warning about secure handling, storage, redaction, or avoiding accidental disclosure in logs and shell history. Because this skill connects to a remote service for gameplay, mishandling the key could allow unauthorized API use or account impersonation.

Missing User Warnings

Medium
Confidence: 95%
Finding
The connector sends the platform credential (`PLATFORM_KEY`) to a remote API and again over WebSocket for authentication, but provides no user-facing disclosure or warning that a secret is being transmitted. Although this is expected for a networked game client, the risk is real because the credential grants platform access and could be exposed through misconfiguration, interception on a non-TLS endpoint, or connection to an attacker-controlled `API_URL`.

VirusTotal

66/66 vendors flagged this skill as clean.
