Skill v1.0.1
ClawScan security
LobsterBio - Use: ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious (Feb 13, 2026, 12:32 PM)
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions match its bioinformatics purpose, but it recommends running an unsigned install script from a non-standard domain and references model/vendor integrations (Anthropic/agent packages) without declaring credentials or provenance — these are coherence and install-risk concerns you should review before installing.
- Guidance: This skill appears to be what it says (a usage guide for Lobster AI) but has two practical concerns you should address before proceeding:
  1. Installer provenance: the SKILL.md recommends running `curl | bash` from https://install.lobsterbio.com and a Windows `irm ... | iex` — running scripts directly from an unfamiliar domain can execute arbitrary code on your machine. Prefer installing from a known package source (pip or your OS package manager) or inspect the installer contents on a trusted network before running. If possible, ask for the project's public repository or official release page to verify the installer.
  2. Hidden credential needs: the docs reference an `anthropic` extras tag and say `lobster init` configures API keys. The skill metadata does not declare required API keys or where credentials will be stored. Before use, verify what external services (model vendors, PubMed/GEO access, cloud storage) Lobster will contact and what keys it needs; run `lobster config-test` and read any config files to see where secrets are kept.
  Additional steps: request the skill's source/homepage from the publisher (none provided), prefer installing via pip or a known package repository, run installations in a sandbox or VM first, and review the installer script / repository for network endpoints or telemetry before granting access to sensitive data. If you need higher assurance, ask the skill author for a link to an official repo or signed releases.
Review Dimensions
- Purpose & Capability (ok): Name/description align with the runtime instructions and reference files: all content is about using Lobster AI for single-cell/bulk RNA-seq, literature/dataset discovery, QC, DE, and visualization. The required capabilities described are consistent with the workflows and agent list in the references.
- Instruction Scope (note): SKILL.md is instruction-only and stays within Lobster usage: commands, workspace paths, and dataset downloads (GEO/SRA) are all relevant. It assumes Lobster is installed/configured and instructs the user to run `lobster config-test` for setup issues. The instructions do not ask the agent to read unrelated system files or undeclared env vars, but they do direct users to download remote datasets and to run an external installer (see Install Mechanism).
- Install Mechanism (concern): The guide recommends piping a shell download from https://install.lobsterbio.com (`curl | bash`) and a PowerShell `irm ... | iex` for Windows — both are high-risk patterns because they execute code directly from a remote, non-standard domain. There are fallback install options (pip, uv tool), but provenance for the install.lobsterbio.com endpoint is unknown and no homepage/repository is provided in the skill metadata. This is the primary risk.
- Credentials (note): The skill declares no required env vars or primary credential, which matches that it is instruction-only. However, installation guidance references packages with an `anthropic` extras marker and says `lobster init` configures API keys — implying third-party model/API keys (Anthropic or others) may be created/required. The skill does not declare or document these credential needs or where keys are stored, which is a proportionality/provenance gap to be aware of.
- Persistence & Privilege (ok): The skill is instruction-only, does not request `always: true`, and does not modify other skills or system-wide agent settings. It does not ask to persist additional privileges itself.
