Back to skill
Skillv1.0.1
VirusTotal security
LobsterBio - Use · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:48 AM
- Hash
- 46ecb0baed489ac886b7d1eaaa7c2ce2c725e75d5997f4e1a1ed8f4f553766dc
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: lobster-bio-use Version: 1.0.1 The skill bundle is classified as suspicious due to high-risk installation methods and broad file system access capabilities that present significant vulnerabilities if the OpenClaw agent is susceptible to prompt injection or lacks proper sandboxing. Specifically, `SKILL.md` and `references/cli-commands.md` document `curl -fsSL https://install.lobsterbio.com | bash` and `irm https://install.lobsterbio.com/windows | iex` for installation, which are direct remote code execution patterns. Additionally, `references/cli-commands.md` details commands like `/read <file>` and `/open <file>` with pattern support, which could be exploited to read arbitrary sensitive files or execute arbitrary code if the agent is prompted to do so, without explicit restrictions to its own generated outputs. There is no clear evidence of intentional malicious behavior within the provided files, but the described capabilities pose a high risk of exploitation.
- External report
- View on VirusTotal