Skill v1.0.1

ClawScan security

LobsterLAN · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 18, 2026, 5:06 AM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
LobsterLAN's code and instructions match its stated purpose (peer-to-peer LAN agent messaging); it requires local peer addresses and gateway/hook tokens stored in a peers.json and recommends secure transport — nothing in the package appears to do unrelated or hidden work.
Guidance
This skill appears to do exactly what it says, but take these precautions before installing:
(1) Only configure trusted peers: any configured peer you contact can receive messages and delegated tasks.
(2) Protect peers.json (it contains gateway/hook tokens) with tight file permissions and do not commit it to source control.
(3) Follow the SKILL.md recommendation to keep OpenClaw gateways bound to loopback and use SSH tunnels, TLS, or reverse proxies for cross-host communication; do not expose gateway ports in plaintext to untrusted networks.
(4) Be aware that delegated tasks run on the peer side: if a peer is compromised or malicious it can misuse the delegated work or respond with harmful content.
(5) If you require stronger secret handling, store tokens in a secrets manager and adjust the script to read them from environment variables or a protected store.

Review Dimensions

Purpose & Capability
ok · Name/description describe LAN agent-to-agent communication, and the included script and config implement exactly that: synchronous chat completions and asynchronous webhook delegation to configured peers. Required tokens and peer addresses are reasonable and directly related to the stated purpose.
Instruction Scope
ok · SKILL.md and scripts only instruct the agent to read a local peers.json, call configured peer HTTP endpoints, and optionally set up SSH tunnels/reverse proxies. There are no instructions to read unrelated system files or exfiltrate data to unknown endpoints. The skill correctly warns about plaintext LAN connections and recommends secure transport.
Install Mechanism
ok · No install spec or remote downloads; the skill is instruction-only with a bundled shell script. No external packages or extracted archives are fetched at install time.
Credentials
note · The skill metadata lists no required env vars, and secrets (gateway/hook tokens) are expected in config/peers.json rather than environment variables. That is proportionate to the function, but storing bearer tokens in a plaintext config file is sensitive and the file should be protected (file permissions, not checked into VCS, or consider alternative secret storage).
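The Guidance items (2), (3) and (5) and this Credentials note come down to the same pre-flight checks before any peer is contacted: peers.json must not be group- or world-readable, a peer may only be reached over TLS or through a loopback tunnel endpoint, and tokens should be overridable from somewhere other than the plaintext file. The Python below is an added example showing those checks; it is not code from the LobsterLAN skill or from ClawHub. The peers.json schema (a peers array with name, url, gateway_token and hook_token), the LOBSTERLAN_<NAME>_GATEWAY_TOKEN / _HOOK_TOKEN environment override, and the sample peers are assumptions constructed for illustration.

```python
"""Pre-flight validation of a LobsterLAN-style peers.json (added example).

Assumed schema: {"peers": [{"name", "url", "gateway_token", "hook_token"}]}.
Assumed env override: LOBSTERLAN_<NAME>_GATEWAY_TOKEN / LOBSTERLAN_<NAME>_HOOK_TOKEN.
Neither is documented by the skill; both are illustrative.
"""
import ipaddress
import json
import os
import stat
from typing import Optional
from urllib.parse import urlparse

TOKEN_FIELDS = ("gateway_token", "hook_token")


class PeerConfigError(ValueError):
    """Raised when peers.json fails a safety check."""


def _is_loopback(host: str) -> bool:
    # "localhost", 127.0.0.0/8 and ::1 are the local ends of SSH tunnels.
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def check_transport(url: str) -> str:
    """Allow https to any host, or http only to a loopback address.

    Plaintext http to a LAN address would send the bearer token in the clear,
    which is exactly what the SKILL.md transport guidance warns against.
    """
    parsed = urlparse(url)
    if parsed.scheme == "https":
        return "https"
    if parsed.scheme == "http" and parsed.hostname and _is_loopback(parsed.hostname):
        return "http"
    raise PeerConfigError(f"plaintext or unknown transport to non-loopback peer: {url}")


def check_file_mode(mode: int) -> None:
    """Reject a peers.json that group or other can read or write (want 0600)."""
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PeerConfigError(
            f"peers.json mode {oct(stat.S_IMODE(mode))} is too permissive; use 0600"
        )


def resolve_tokens(peer: dict, env: dict) -> dict:
    """Prefer tokens from the (hypothetical) env override over the file copy."""
    resolved = dict(peer)
    key = peer["name"].upper().replace("-", "_")
    for field in TOKEN_FIELDS:
        override = env.get(f"LOBSTERLAN_{key}_{field.upper()}")
        if override:
            resolved[field] = override
        if not resolved.get(field):
            raise PeerConfigError(f"peer {peer['name']}: missing {field}")
    return resolved


def validate_peers(config: dict, file_mode: int, env: Optional[dict] = None) -> list:
    """Return the validated peer list, or raise PeerConfigError."""
    check_file_mode(file_mode)
    env = os.environ if env is None else env
    peers, seen = [], set()
    for peer in config.get("peers", []):
        name = peer.get("name")
        if not name or name in seen:
            raise PeerConfigError(f"missing or duplicate peer name: {name!r}")
        seen.add(name)
        check_transport(peer["url"])
        peers.append(resolve_tokens(peer, env))
    return peers


def load_peers(path: str) -> list:
    """Read peers.json from disk and validate it (mode check uses the real file)."""
    mode = os.stat(path).st_mode
    with open(path, encoding="utf-8") as fh:
        return validate_peers(json.load(fh), mode)


# Constructed sample config: one TLS peer, one peer behind a local SSH tunnel.
SAMPLE_CONFIG = {
    "peers": [
        {"name": "lab-node", "url": "https://lab-node.internal:8443/",
         "gateway_token": "gw-abc", "hook_token": "hook-abc"},
        {"name": "tunnel", "url": "http://127.0.0.1:18789/",
         "gateway_token": "gw-t", "hook_token": "hook-t"},
    ]
}

if __name__ == "__main__":
    import tempfile
    path = os.path.join(tempfile.mkdtemp(), "peers.json")
    fd = os.open(path, os.O_WRONLY | os.O_CREAT, 0o600)  # create with tight mode
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(SAMPLE_CONFIG, fh)
    print([p["name"] for p in load_peers(path)])
```

The file-mode check is done on the real stat result in load_peers, so a peers.json left at the default 0644 is refused before any token is read; the transport check rejects a plaintext http URL to a LAN address even if the operator has already set up a tunnel elsewhere, which forces the URL to point at the tunnel's loopback end rather than the remote host.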
Persistence & Privilege
ok · The skill does not request always:true and does not modify other skills or system-wide settings. It runs on demand via its script and relies on operator-provided config and transports.