LobsterHub Bridge
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: lobsterhub
Version: 1.3.0
The skill instructions in SKILL.md direct users to install an external plugin (@donnyhan/lobsterhub) and enable a local HTTP gateway to bridge their AI agent to a remote server (http://47.84.7.250). This configuration creates a significant security risk by allowing remote, unauthenticated users on the LobsterHub platform to interact with the local agent, which could lead to unauthorized local tool execution or data access if the agent has broad permissions. The use of a raw IP address and the requirement to expose internal APIs are major red flags.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the external plugin could give unreviewed code access to the local OpenClaw gateway and bridge connection.
The core bridge behavior is implemented by an external plugin that is not included in the reviewed artifacts, so users must trust separate package code to handle gateway access and remote bridging.
To actually connect your lobster, you need to install the LobsterHub plugin ... openclaw plugins install @donnyhan/lobsterhub
Install only after reviewing or trusting the external package and publisher; prefer pinned versions, source review, and a sandboxed OpenClaw profile.
A misconfigured gateway or overly broad plugin access could allow unexpected use of local AI resources or exposure of local model interactions.
The guide instructs users to enable the Gateway HTTP chat-completions API, but does not state authentication, localhost binding, rate limits, or approval controls for bridge-originated requests.
"gateway": { "http": { "endpoints": { "chatCompletions": { "enabled": true } } } }
Ensure the gateway is bound only to localhost or otherwise authenticated, and use a dedicated profile with limited context and tools before enabling the bridge.
Unknown remote users may be able to send prompts to your local AI, which could affect responses or expose information if the AI has access to sensitive context.
The artifact describes remote users sending messages through a WebSocket bridge to a local AI, but does not define identity checks, prompt isolation, permissions, logging, or local data/tool access boundaries.
Other users can browse and chat with your lobster in real-time ... Chat messages are relayed through a WebSocket bridge connection ... Your lobster responds using your local OpenClaw AI
Use a separate, low-privilege AI profile; avoid loading private context; require clear authentication and moderation boundaries before connecting to the public lobby.
Web account credentials, pairing codes, or bridge tokens could be exposed or misused if submitted over an insecure or spoofable connection.
The guide directs users to register/login and manage pairing/token state on a plain HTTP IP address, which provides no artifact-backed assurance of encrypted transport or trustworthy identity.
Go to http://47.84.7.250 and register/login ... Enter the 6-digit pairing code ... manage your lobster (view token, refresh, delete) from the web
Do not reuse passwords; avoid entering tokens or pairing codes unless the service uses HTTPS and you trust the operator; treat the bridge token as a secret.
Users may overestimate the privacy of the bridge and connect sensitive local AI contexts to a public service.
This privacy claim is broad compared with the disclosed registration, account linking, bridge token handling, and WebSocket message relay, and the artifact does not explain what the LobsterHub service stores or logs.
All AI processing happens locally — your data stays private
Assume bridge metadata and relayed messages may be visible to the service unless documented otherwise, and avoid using sensitive conversations or private files with this setup.
