LobsterBio - Use

Review

Audited by ClawScan on May 1, 2026.

Overview

This is a coherent Lobster AI usage guide, but users should verify the external installer, API-key setup, and saved-session handling before using it with sensitive biological data.

Before installing, confirm that the Lobster installer and package sources are legitimate, understand what API keys are being configured, and use isolated workspaces for sensitive RNA-seq or genomic data. The provided artifacts do not show malicious behavior, but the external installer and persistent multi-agent workflow deserve normal security review.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running these commands could install or execute code on the user's machine, so a compromised or incorrect installer source would affect the local environment.

Why it was flagged

The setup instructions include remote scripts piped directly into a shell or PowerShell and unpinned package installation. This is disclosed and related to installing Lobster, but it is a supply-chain-sensitive setup path.

Skill content

curl -fsSL https://install.lobsterbio.com | bash ... irm https://install.lobsterbio.com/windows | iex ... uv tool install 'lobster-ai[full,anthropic]' && lobster init

Recommendation

Verify the Lobster vendor domain and package source before running installers; prefer documented manual installation, pinned versions, or checksums when available.

What this means

Provider API keys may grant access to paid model usage or account resources if entered into the Lobster configuration.

Why it was flagged

The skill indicates that Lobster setup may collect or configure API keys. This is expected for an AI analysis platform, but it involves credentials.

Skill content

After install, `lobster init` configures API keys and selects agent packages.

Recommendation

Use least-privilege API keys where possible, confirm where Lobster stores them, and avoid entering credentials unless the installation source is trusted.

What this means

Sensitive datasets, prompts, intermediate results, or analysis history may remain in the workspace or session state after a task is finished.

Why it was flagged

The workflow supports continuing prior sessions and saving session state, which means analysis context and outputs may persist across runs.

Skill content

`lobster query --session-id latest "Follow-up"` ... `| `/save` | Save current session state |`

Recommendation

Use separate workspaces for sensitive projects, review saved outputs, and delete or archive session data according to your data-handling requirements.

What this means

User queries and loaded-data context may be passed among Lobster's specialist agents during analysis.

Why it was flagged

The platform uses multiple specialist agents and automatic routing. This is core to the product, but the artifacts do not detail inter-agent data boundaries.

Skill content

The Supervisor automatically routes your queries to the right agent.

Recommendation

Avoid sending restricted or regulated biological data unless Lobster's data-routing, retention, and privacy controls meet your requirements.