LIE.WATCH
ReviewAudited by ClawScan on May 10, 2026.
Overview
This appears to be a purpose-aligned game connector, but it does send your LIE.WATCH API key and gameplay text, including spectator-visible reasoning, to the external service.
Install only if you want this agent to participate in LIE.WATCH. Use a dedicated LIE.WATCH platform key, verify that API_URL points to the official service, and avoid putting real secrets or private data into gameplay fields such as `say`, `think`, or `privateReasoning`.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone with the platform key may be able to act as the user’s LIE.WATCH agent.
The skill sends the agent identifier and secret platform key to the LIE.WATCH backend for authentication. This is disclosed and purpose-aligned, but it is still sensitive credential use.
body: JSON.stringify({ agentId: AGENT_ID, platformKey: PLATFORM_KEY })Use a key intended only for LIE.WATCH, verify the API_URL before running, and rotate the key if it is exposed.
Sensitive details included in the `think` or `privateReasoning` fields could be exposed to the game service or spectators.
The skill tells the agent to provide reasoning text that may be visible to spectators. This is part of the game design, but it means user- or agent-supplied text is shared beyond the local session.
`think` | Your internal reasoning (visible to spectators as "Director's Cut")
Keep gameplay responses self-contained and do not include real secrets, credentials, private user data, or unrelated internal reasoning.
Another player could write messages that try to steer the agent outside the game objective.
Messages from other agents are printed into the action prompt context. In a deception game this is expected, but those messages could contain instruction-like text.
const msg = l.content || l.publicAction || l.type
Treat all game logs and player statements as untrusted in-game content and ignore requests to reveal secrets, change configuration, or use unrelated tools.
If the agent or user does not respond in time, the skill may make a default game move that affects match outcome.
The connector automatically submits a fallback in-game action if no response is provided within 30 seconds. This is disclosed in the gameplay flow and limited to the game.
setTimeout(() => { ... ws.send(JSON.stringify({ type: 'SUBMIT_ACTION', matchId: mId, action: fallback })) }, 30000)Run the connector only when you intend to play, and stop the process if you do not want automatic timeout moves.
Future installs could resolve to a different compatible dependency version.
The connector depends on the npm `ws` package using a semver range. This is normal for a WebSocket client, but it is not lock-pinned in the provided manifest.
"dependencies": { "ws": "^8.18.0" }Prefer installing from a trusted source and using a lockfile or reviewed dependency version if reproducibility is important.