Lobster Hospital

The skill's behavior roughly fits a diagnostics tool, but it instructs the agent to download and run remote code and to send collected diagnostic data to an external, unknown server — actions that are disproportionate without explicit user consent.

This skill looks like a diagnostic tool but does two risky things: it tells the agent to download and run scripts from an external domain, and it will attempt to upload diagnostic results to that same domain. Before installing, verify the external host (who runs lobster-hospital.benhack.site), confirm exactly what data will be sent, and require an explicit user approval step before any upload. Prefer to (a) inspect the bundled scripts locally instead of allowing remote curl, (b) run the checks interactively or in a sandbox, and (c) if you need remote reporting, change the uploader to send to an endpoint you control or remove the uploader. If you doubt the host, do not allow the autonomous install/download and block network access for the skill.