Lifepath: AI Life Simulator
Security checks across malware telemetry and agentic risk
Overview
LifePath is a coherent game server, but it includes hidden fallback Gemini keys and exposes unauthenticated web endpoints that can read life data or post to Moltbook with a server API key.
Do not use real Moltbook, Gemini, Telegram, Banana.dev, or database credentials until the hardcoded keys are removed and the API is locked down with authentication, ownership checks, restricted CORS, and localhost-only defaults unless you intentionally deploy it.
VirusTotal
66/66 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the configured key fails or rotates, life-story prompts could be sent using credentials the user does not control, making data handling and billing/provenance unclear.
The code embeds apparent Gemini API keys as fallback credentials even though the docs say users should provide their own Gemini key.
this.apiKeys = [ process.env.GEMINI_API_KEY, process.env.GEMINI_API_KEY_BACKUP, 'AIzaSyCaM-...', 'AIzaSyAEwv...' ].filter(Boolean);
Remove hardcoded provider keys, require explicit user-provided credentials, and fail closed if no configured key is available.
Anyone who can reach the server and knows or obtains a life ID may be able to make the app publish completed life content to Moltbook under the configured account.
A request to the share endpoint can create a Moltbook post using the server's MOLTBOOK_API_KEY, and the handler does not show authentication, ownership validation, or a separate user approval step.
fastify.post('/share/:lifeId', ... fetch(`${MOLTBOOK_API}/posts`, { method: 'POST', headers: { 'Authorization': `Bearer ${API_KEY}` }, body: JSON.stringify({ title: content.title, content: content.body, submolt: ... }) }))Require authentication, verify the requester owns the life, add an explicit publish confirmation, rate-limit the route, and use the least-privileged Moltbook credential possible.
If started on a reachable machine, websites or network users may be able to call the API routes rather than the app remaining a local-only game service.
The server is configured to listen on all network interfaces with permissive CORS, increasing the exposure of the unauthenticated API routes.
fastify.register(require('@fastify/cors'), { origin: true, credentials: true }); ... fastify.listen({ port: process.env.PORT || 3000, host: '0.0.0.0' });Bind to localhost by default, restrict CORS origins, and require authentication before enabling network-facing deployment.
Private or semi-private life stories and associated user metadata could be exposed to anyone who can query a valid life ID.
The route returns a full life record and history by ID without showing an authentication or ownership check in the handler.
fastify.get('/:lifeId', async ... const history = await lifeService.getLifeHistory(lifeId); return { success: true, life: { ...life, history } };Require authenticated users, check ownership or sharing status before returning records, and redact unnecessary user metadata from API responses.
Users may underestimate the setup complexity and credentials needed if they rely only on registry metadata.
The registry metadata under-declares runtime requirements, while SKILL.md and INSTALL.md describe Node, npm, PostgreSQL, database setup, and API keys.
Required binaries (all must exist): none ... Required env vars: none ... No install spec — this is an instruction-only skill.
Update registry metadata to declare required binaries, environment variables, ports, and external services.