LobsterHub Bridge
Review
Audited by ClawScan on May 10, 2026.
Overview
This guide is purpose-aligned, but it asks you to install an unreviewed external plugin, enable a local AI gateway API, and connect your AI to remote users without clear security boundaries.
Review this carefully before installing. If you proceed, use a dedicated low-privilege OpenClaw profile, keep the gateway local/authenticated, avoid sensitive context, protect the bridge token and pairing code, verify the external plugin source, and only log in or pair through a trusted HTTPS endpoint.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the external plugin could give unreviewed code access to the local OpenClaw gateway and bridge connection.
The core bridge behavior is implemented by an external plugin that is not included in the reviewed artifacts, so users must trust separate package code to handle gateway access and remote bridging.
To actually connect your lobster, you need to install the LobsterHub plugin ... openclaw plugins install @donnyhan/lobsterhub
Install only after reviewing or trusting the external package and publisher; prefer pinned versions, source review, and a sandboxed OpenClaw profile.
A misconfigured gateway or overly broad plugin access could allow unexpected use of local AI resources or exposure of local model interactions.
The guide instructs users to enable the Gateway HTTP chat-completions API, but does not state authentication, localhost binding, rate limits, or approval controls for bridge-originated requests.
"gateway": { "http": { "endpoints": { "chatCompletions": { "enabled": true } } } }Ensure the gateway is bound only to localhost or otherwise authenticated, and use a dedicated profile with limited context and tools before enabling the bridge.
Unknown remote users may be able to send prompts to your local AI, which could affect responses or expose information if the AI has access to sensitive context.
The artifact describes remote users sending messages through a WebSocket bridge to a local AI, but does not define identity checks, prompt isolation, permissions, logging, or local data/tool access boundaries.
Other users can browse and chat with your lobster in real-time ... Chat messages are relayed through a WebSocket bridge connection ... Your lobster responds using your local OpenClaw AI
Use a separate, low-privilege AI profile; avoid loading private context; require clear authentication and moderation boundaries before connecting to the public lobby.
Web account credentials, pairing codes, or bridge tokens could be exposed or misused if submitted over an insecure or spoofable connection.
The guide directs users to register/login and manage pairing/token state on a plain HTTP IP address, which provides no artifact-backed assurance of encrypted transport or trustworthy identity.
Go to http://47.84.7.250 and register/login ... Enter the 6-digit pairing code ... manage your lobster (view token, refresh, delete) from the web
Do not reuse passwords; avoid entering tokens or pairing codes unless the service uses HTTPS and you trust the operator; treat the bridge token as a secret.
Users may overestimate the privacy of the bridge and connect sensitive local AI contexts to a public service.
This privacy claim is broad compared with the disclosed registration, account linking, bridge token handling, and WebSocket message relay, and the artifact does not explain what the LobsterHub service stores or logs.
All AI processing happens locally — your data stays private
Assume bridge metadata and relayed messages may be visible to the service unless documented otherwise, and avoid using sensitive conversations or private files with this setup.
