Arn't they yoinking an OAuth token for replay in the Claw app?
If so, I don't think anybody who knows how auth works could feign complete innocence.