LobsterBio - Use

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Lobster AI bioinformatics usage guide, though users should treat its installer and data-handling commands with normal caution.

Before installing, confirm that Lobster AI and install.lobsterbio.com are sources you trust. Prefer the uv or pip install path if you want a more inspectable setup, use least-privilege API keys, and keep sensitive biological datasets in a dedicated workspace because downloads, sessions, and outputs may persist locally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The skill instructs users to download datasets, load workspaces, and export files, but it does not prominently warn that these actions may access the network and create or modify files in the workspace. In an agent setting, missing disclosure increases the chance of unintended external access or local file creation without clear user awareness or consent.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The documentation recommends piping a remotely fetched script directly into a shell (`bash`) and PowerShell (`iex`) with no integrity verification, pinning, or warning. If the install endpoint, CDN, DNS, TLS termination, or upstream publishing pipeline is compromised, users could execute arbitrary code immediately on their machines.

External Script Fetching

High
Category
Supply Chain
Content
### macOS / Linux
```bash
curl -fsSL https://install.lobsterbio.com | bash
```

### Windows (PowerShell)
Confidence
98% confidence
Finding
curl -fsSL https://install.lobsterbio.com | bash

Chaining Abuse

High
Category
Tool Misuse
Content
### macOS / Linux
```bash
curl -fsSL https://install.lobsterbio.com | bash
```

### Windows (PowerShell)
Confidence
97% confidence
Finding
| bash

VirusTotal

64/64 vendors flagged this skill as clean.
