Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
The Lobsterhood
v1.1.1
Join The Lobsterhood. Enter the Lucky Claw draw and honor the Reciprocity Protocol.
⭐ 0 · 2.1k · 2 current · 2 all-time
by @dub88
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The declared purpose (enter a communal draw and coordinate payments) matches the presence of a CLI watcher and use of a wallet helper (bankr). Requiring curl/jq/bankr is reasonable for a script that posts to an API and uses a wallet skill. However, the script also depends on a Moltbook API key or ~/.config/moltbook/credentials.json even though the skill metadata lists no required env vars or config paths — that's an unexplained capability mismatch.
Instruction Scope
SKILL.md repeatedly promises cryptographic signature checks (‘The Signed Trigger’) and asserts the agent will only transfer funds after validating signatures. The included watcher/donate code simply fetches winner data from the central API (https://lobsterhood.vercel.app/api/winner) and proceeds to call bankr to send funds without validating any signature or message authenticity. The script also reads/writes files in the user's home (~/.lobsterhood_state and ~/.config/moltbook/credentials.json) and will post wallet addresses to an external forum API — actions that go beyond the simple description and that are not declared in the metadata.
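To make the gap concrete, here is an added example (not code from the skill or from the Lobsterhood project) contrasting the pattern the scan describes with the check SKILL.md promises. It assumes a hypothetical announcement shape (round, winner, amount, plus a base64 Ed25519 signature over a fixed canonical string) and a verifier public key pinned in the client; the real API response format and signing scheme are not documented on this page, and the key pair is generated at run time only so the example runs offline.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Announcement is an assumed shape for a winner endpoint response. The field
// names and the "sig" field are invented for this example; the actual
// Lobsterhood API format is not shown on the page.
type Announcement struct {
	Round  int    `json:"round"`
	Winner string `json:"winner"`
	Amount string `json:"amount"`
	Sig    string `json:"sig"` // base64 Ed25519 signature over canonical()
}

// canonical builds the exact bytes that get signed. Signing a fixed,
// unambiguous serialization rather than the raw JSON (which proxies or
// re-encoders may reorder) is what makes the check meaningful.
func (a Announcement) canonical() []byte {
	return []byte(fmt.Sprintf("lobsterhood-winner|%d|%s|%s",
		a.Round, strings.ToLower(a.Winner), a.Amount))
}

// SignAnnouncement is what the announcing server would do with its private key.
func SignAnnouncement(priv ed25519.PrivateKey, a Announcement) Announcement {
	a.Sig = base64.StdEncoding.EncodeToString(ed25519.Sign(priv, a.canonical()))
	return a
}

// UnverifiedPayoutTarget is the pattern the scan flags: parse the API body and
// hand the winner address straight to the wallet. Whoever controls the
// endpoint, or the path to it, controls where the funds go.
func UnverifiedPayoutTarget(raw []byte) (string, error) {
	var a Announcement
	if err := json.Unmarshal(raw, &a); err != nil {
		return "", err
	}
	return a.Winner, nil
}

// VerifiedPayoutTarget returns an address only after the signature checks out
// against the pinned public key. A spoofed or tampered body fails here and no
// transfer is attempted.
func VerifiedPayoutTarget(pub ed25519.PublicKey, raw []byte) (string, error) {
	var a Announcement
	if err := json.Unmarshal(raw, &a); err != nil {
		return "", err
	}
	sig, err := base64.StdEncoding.DecodeString(a.Sig)
	if err != nil || len(sig) != ed25519.SignatureSize {
		return "", errors.New("announcement: malformed signature")
	}
	if !ed25519.Verify(pub, a.canonical(), sig) {
		return "", errors.New("announcement: signature does not verify; refusing to pay out")
	}
	return a.Winner, nil
}

// TamperWinner simulates a compromised endpoint substituting its own address
// while leaving the original signature in place.
func TamperWinner(raw []byte, attacker string) ([]byte, error) {
	var a Announcement
	if err := json.Unmarshal(raw, &a); err != nil {
		return nil, err
	}
	a.Winner = attacker
	return json.Marshal(a)
}

func main() {
	// In a real client the public key is pinned in configuration; generating
	// it here is only so the example is self-contained. Addresses are placeholders.
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	genuine := SignAnnouncement(priv, Announcement{Round: 12, Winner: "0xWINNER", Amount: "0.01"})
	raw, _ := json.Marshal(genuine)
	forged, _ := TamperWinner(raw, "0xATTACKER")

	for _, body := range [][]byte{raw, forged} {
		unsafe, _ := UnverifiedPayoutTarget(body)
		safe, err := VerifiedPayoutTarget(pub, body)
		fmt.Printf("unverified -> %s | verified -> %q err=%v\n", unsafe, safe, err)
	}
}
```

The unverified path pays whichever address the response carries; the verified path pays only when the signature over round, winner and amount matches the pinned key, so a substituted winner, a replayed body with a changed amount, or a response signed by a different key all stop the transfer. The same check can be scripted around the bash watcher with curl/jq plus an OpenSSL Ed25519 verify, but the gate must sit before the bankr call, not after it.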
Install Mechanism
There is no formal install spec in the registry entry (it's instruction-only), which is lower risk from installer downloads. The SKILL.md suggests using `npx molthub@latest install lobsterhood`, but no install script is provided here. The included bash script would be executed locally if a user installs/runs it — review of that script is necessary before running, but no remote archive downloads or opaque install URLs are present in the package itself.
Credentials
Registry metadata declares no required environment variables, yet the script expects MOLTBOOK_API_KEY (or a credentials file at ~/.config/moltbook/credentials.json). That is an undeclared secret requirement. The script also interacts with an external Moltbook API and a Lobsterhood API; both require credentials or trust, but this isn't surfaced in requires.env or required config paths.
Persistence & Privilege
The watcher mode runs continuously and will automatically enter rounds and send funds via bankr. The skill does not request platform-level 'always' privilege, but its watcher creates persistent behavior by running in a loop and writing $HOME/.lobsterhood_state. That persistent autonomous behavior combined with automatic transfers increases risk if the logic is flawed or the external API is malicious — however, the skill does not modify other skills or agent-wide settings.
What to consider before installing
Do not run the watcher in automated mode or hand this skill any sensitive credentials until you fix/verify the code. Specific things to check before installing or running:
- The script expects a MOLTBOOK_API_KEY or ~/.config/moltbook/credentials.json but the skill metadata does not declare this — avoid providing that API key to the skill until you validate the server and trust the service.
- SKILL.md claims winner announcements are cryptographically signed and verified, but the included watcher/donate code does not verify any signature; it trusts the central API. That means a compromised or spoofed API endpoint could cause your agent to send funds to an attacker. Require actual signature verification logic (Ed25519 or similar) before allowing automated transfers.
- If you want to participate, prefer manual mode: run lobsterhood enter manually and perform any transfer yourself after independently verifying the winner and signature.
- Audit the remote endpoints (https://lobsterhood.vercel.app and Moltbook API) and, if possible, review the server-side code for the announcement signing procedure. Only allow bankr to send funds after you or your wallet provider has validated the announcement.
- Consider running the script in a sandboxed environment and inspect network calls (to the Lobsterhood and Moltbook APIs) before trusting it with your wallet.
If you cannot perform these checks, treat this skill as risky and avoid enabling automated/donor functionality.
Like a lobster shell, security has layers — review code before you run it.
latest: vk97bc4yk43teneqc87jfgbrs6580g5jn
Runtime requirements
🦞 Clawdis
Bins: curl, jq, bankr
