ClawHub

LobsterLAN

Security checks across malware telemetry and agentic risk

Overview

This skill openly implements local-network agent messaging, but users must configure trusted peers and secure the transport.

Install only if you intend this agent to communicate with trusted OpenClaw peers. Keep peers.json private, use SSH tunnels, TLS, or Tailscale rather than raw LAN HTTP, rotate tokens if exposed, and avoid delegating prompts that contain secrets or actions you would not trust the receiving agent to perform.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill instructs users to run a shell script and relies on environment/config files, but it does not declare permissions for shell or environment access. That creates a trust and review gap: an agent or user may authorize the skill without realizing it can execute commands and consume sensitive configuration such as peer tokens. In this context, the skill also facilitates network communication with other agents, so undeclared execution capability increases the chance of unintended command execution or token exposure across systems.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The script sends agent messages, bearer tokens, and the self identifier to peers over plain HTTP, and only emits a warning for non-localhost destinations. On a LAN or any routed network, an attacker able to sniff or tamper with traffic could recover credentials, read prompts/responses, impersonate peers, or modify agent-to-agent instructions in transit.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
Async delegation posts task content and bearer authentication over plain HTTP to the webhook endpoint. This exposes both secrets and delegated task data to interception or manipulation, allowing an attacker to steal tokens, submit forged tasks, or alter delegated work.

External Transmission

Medium
Category
Data Exfiltration
Content
warn_if_not_localhost "$host"

  local response
  response=$(curl -sS --max-time 120 "$url" \
    -H "Authorization: Bearer ${token}" \
    -H "Content-Type: application/json" \
    -H "X-LobsterLAN-Agent: ${self_id}" \
Confidence
90% confidence
Finding
curl -sS --max-time 120 "$url" \ -H "Authorization: Bearer ${token}" \ -H "Content-Type: application/json" \ -H "X-LobsterLAN-Agent: ${self_id}" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
warn_if_not_localhost "$host"

  local response
  response=$(curl -sS --max-time 10 "$url" \
    -H "Authorization: Bearer ${token}" \
    -H "Content-Type: application/json" \
    -H "X-LobsterLAN-Agent: ${self_id}" \
Confidence
90% confidence
Finding
curl -sS --max-time 10 "$url" \ -H "Authorization: Bearer ${token}" \ -H "Content-Type: application/json" \ -H "X-LobsterLAN-Agent: ${self_id}" \ -d

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal