Security audit

Who Is Undercover Publish

Security checks across malware telemetry and agentic risk

Overview

The main game appears playable, but the package also ships under-disclosed remote-service code with a hardcoded API key and local state-changing scripts.

Review before installing. The normal OpenClaw game path is not obviously destructive, but the package contains extra remote-service code and an embedded API key that are not clearly disclosed. Do not run the InStreet controller unless you intend to contact that external service, and prefer a version that removes or rotates the key, documents network/data handling, and separates read-only status from state-changing behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (12)

Intent-Code Divergence

Medium (96% confidence)
Finding
The join flow does not bind a caller to a unique player identity and instead returns the first available human player's secret role and word. Any user able to invoke join on the same session/context can learn another human player's hidden information, breaking game secrecy and enabling unauthorized participation or cheating.

Description-Behavior Mismatch

Medium (94% confidence)
Finding
The adapter changes the trust boundary of the skill by sending core game operations to a remote third-party API, while the skill metadata describes a local AI social deduction game. This can mislead users and integrators about where data is processed and introduces privacy, availability, and supply-chain risk if the external service is compromised or behaves unexpectedly.

Description-Behavior Mismatch

High (95% confidence)
Finding
The implementation materially differs from the stated skill purpose: instead of a local 4-10 player AI social deduction game, it creates and controls an external InStreet online room. This kind of undisclosed external connectivity changes the trust boundary, can expose user/game metadata to a third party, and may cause users or reviewers to run code with network side effects they did not consent to.

Context-Inappropriate Capability

Medium (87% confidence)
Finding
The controller persists room metadata from an external service to a local JSON file without demonstrating necessity for core gameplay. Even if the data is not highly sensitive by itself, writing externally derived room identifiers, URLs, and join APIs to disk creates an avoidable local data exposure and persistence risk.

Description-Behavior Mismatch

Medium (95% confidence)
Finding
This file is presented as a real-time status monitor, but it also mutates authoritative game state by auto-submitting an AI description, advancing phases, and writing the modified state back to disk. Mixing read-only monitoring with game-control behavior is dangerous because simply running a status script can change outcomes, create integrity issues, and trigger unintended actions without an explicit operator decision.

Intent-Code Divergence

High (99% confidence)
Finding
The generated status report exposes each alive player's hidden role, including the undercover marker, which breaks the core secrecy model of the game. In the context of a social deduction game, this is highly sensitive information: anyone with access to the status file can instantly identify the undercover player and invalidate the game.

Missing User Warnings

Medium (91% confidence)
Finding
The code sends authenticated requests to an external service using a bearer token, but there is no visible user-facing disclosure that gameplay data and credentials are being used over the network. Even though HTTPS is used, the issue is lack of transparency and consent, which can expose users to unexpected data sharing and operators to credential misuse risk.

Missing User Warnings

Medium (95% confidence)
Finding
User-provided descriptions and reasoning are transmitted to a remote API, which may contain sensitive free-form text, strategic content, or personal information. Without explicit warning or consent, users may reasonably believe their inputs stay local, making this a privacy and data-handling vulnerability in the context of a game advertised as local AI.

Missing User Warnings

Medium (95% confidence)
Finding
Vote reasoning is also free-form user content and is sent to an external service without clear disclosure. In a social deduction game, such reasoning may reveal strategy, identity cues, or personal text that users do not expect to leave the local environment.

Missing User Warnings

High (99% confidence)
Finding
A hardcoded API key is embedded directly in source code, making credential exposure highly likely through source sharing, logs, backups, or repository history. Anyone obtaining the code can reuse the credential to access the external service, incur cost, impersonate the application, or interact with associated resources.

Missing User Warnings

Medium (91% confidence)
Finding
The code writes room information to disk without any user-facing warning, consent, or retention policy. This creates silent local persistence of session data and room access details that may be readable by other local users, processes, or later forensic inspection.

Missing User Warnings

Medium (88% confidence)
Finding
The code persists modified game state to disk as part of a script that appears to be for monitoring, without any user-facing indication that execution will change live data. This can lead to silent state corruption, accidental progression of the game, and operator confusion about why the game changed after running a seemingly observational tool.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

Static analysis

No suspicious patterns detected.