The Lobsterhood
Security checks across malware telemetry and agentic risk
Overview
This skill openly aims to run an ongoing crypto-payment game, but its watcher can initiate payments based on a remote API without the signature checks it promises.
Install only if you intentionally want an agent to participate in a recurring public crypto-donation game. Avoid the unattended watcher unless you add spending limits, per-payment approval, and real signature/round verification.
VirusTotal
0 of 51 vendors flagged this skill; all 51 reported it clean. A clean antivirus verdict covers only known-malicious code, not the payment behaviour reviewed below.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the watcher may cause the agent to initiate USDC transfers automatically.
The watcher/donate flow can initiate a Bankr crypto transfer to a winner address returned by the remote API; the amount, recipient and chain are interpolated straight into the natural-language bankr instruction, and this skill has no user-confirmation step before that call.
local output=$(bankr "Send $amount USDC to $winner on $chain. Memo: Lobsterhood Tribute")
Do not run the watcher unattended; require explicit human approval for each payment and verify the recipient, chain, and amount outside the skill.
A user may believe payments are cryptographically protected, while the reviewed runtime path appears to trust the hosted API's winner response directly.
The provided shell script does not implement the signature and round checks that the skill's own documentation promises (quoted below) before calling Bankr; that assurance could lead users to over-trust autonomous payments.
The agent will **only** transfer funds if: 1. The round ID matches the current round. 2. The signature is valid. 3. You actually entered the round.
Treat the signed-trigger claim as unverified unless the payment code is changed to validate signatures, round IDs, and current-round participation before any transfer.
The skill may post from the user's Moltbook account and expose their wallet address publicly, using credentials that are under-declared in metadata.
The script uses a Moltbook account credential from an environment variable or local credentials file, while the registry says there are no required env vars or primary credentials.
local moltbook_key="$MOLTBOOK_API_KEY" ... jq -r .api_key ~/.config/moltbook/credentials.json
Declare all credentials explicitly, use least-privilege tokens, and require user approval before posting to third-party accounts.
If left running, the skill can keep taking future participation and payment actions beyond the initial user request.
The watcher is designed to keep operating indefinitely, checking for new rounds and winners every five minutes.
while true; do ... sleep 300 # Wait 5 minutes
Use manual entry/payment mode or run the watcher only in a supervised, time-limited environment with spending limits.
A stale local state file or bad winner response could cause an unintended payment attempt in a later round.
The check is a substring match for "entered" anywhere in the state file, so a marker left over from an earlier round can let a later winner response trigger the donation logic; it never proves the user entered that exact round.
if grep -q "entered" "$state_file" 2>/dev/null; then ... donate "1"
Bind state to exact round IDs, verify current participation, and fail closed when local state or remote winner data is incomplete.
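A fail-closed gate of the kind the signed-trigger and state-file recommendations above describe (bind state to the exact round ID, verify the signed trigger and current participation, enforce a spending limit, refuse on incomplete data), written here as an added example; it is not code from the Lobsterhood skill or from ClawScan. It assumes a constructed key=value winner response, a state line of the form entered=<round_id>, and an HMAC-SHA256 shared-secret signature over the four fields being spent on, standing in for whatever signature scheme the hosted API actually uses; the spending limit, the LOBSTER_SECRET variable and the address check are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not the Lobsterhood skill's own code: a fail-closed gate that
# must pass before the donate step may call bankr. Assumptions (none taken from
# the reviewed skill): the watcher records the round it entered as a line
# "entered=<round_id>" in its state file; the winner response is key=value text
# (constructed for this example); the API signs "round_id|winner|amount|chain"
# with HMAC-SHA256 under a shared secret, standing in for whatever scheme the
# hosted API really uses. Amounts are whole USDC.
set -u

MAX_USDC_PER_ROUND=1                                        # hypothetical spending limit
LOBSTER_SECRET="${LOBSTER_SECRET:-constructed-demo-secret}"  # hypothetical shared secret

# field <key> <file>: print the value of the first "key=value" line, else nothing.
field() { sed -n "s/^$1=//p" "$2" | head -n 1; }

# verify_sig <round_id> <winner> <amount> <chain> <sig>: HMAC over the fields
# that will be spent on, compared against the signature the response carried.
verify_sig() {
  local expected
  expected=$(printf '%s|%s|%s|%s' "$1" "$2" "$3" "$4" \
    | openssl dgst -sha256 -hmac "$LOBSTER_SECRET" | awk '{print $NF}')
  [ -n "$5" ] && [ "$expected" = "$5" ]
}

# should_donate <state_file> <winner_response_file> <current_round>
# Prints "amount winner chain" only when every check passes; otherwise reports
# the reason on stderr and returns 1. Nothing in here calls bankr.
should_donate() {
  local state_file=$1 resp=$2 current=$3
  local rid winner amount chain sig
  rid=$(field round_id "$resp"); winner=$(field winner "$resp")
  amount=$(field amount "$resp"); chain=$(field chain "$resp")
  sig=$(field sig "$resp")
  # 1. Incomplete remote data fails closed.
  [ -n "$rid" ] && [ -n "$winner" ] && [ -n "$amount" ] && [ -n "$chain" ] \
    || { echo "refuse: incomplete winner response" >&2; return 1; }
  # 2. The response must be for the round the watcher is currently tracking.
  [ "$rid" = "$current" ] \
    || { echo "refuse: round $rid is not the current round $current" >&2; return 1; }
  # 3. Participation is proven by a marker bound to this exact round (whole-line
  #    match), not by any "entered" substring left over from an earlier round.
  grep -qx "entered=$rid" "$state_file" 2>/dev/null \
    || { echo "refuse: no entry recorded for round $rid" >&2; return 1; }
  # 4. The trigger must carry a valid signature over the fields being spent on.
  verify_sig "$rid" "$winner" "$amount" "$chain" "$sig" \
    || { echo "refuse: bad or missing signature" >&2; return 1; }
  # 5. Amount and recipient are validated before they reach a payment command.
  printf '%s' "$amount" | grep -Eq '^[0-9]+$' && [ "$amount" -le "$MAX_USDC_PER_ROUND" ] \
    || { echo "refuse: amount $amount over limit $MAX_USDC_PER_ROUND" >&2; return 1; }
  printf '%s' "$winner" | grep -Eq '^0x[0-9a-fA-F]{40}$' \
    || { echo "refuse: winner is not a plausible EVM address" >&2; return 1; }
  printf '%s %s %s\n' "$amount" "$winner" "$chain"
}
```

Wiring it in: the donate step calls should_donate and passes the printed amount, winner and chain to bankr only when it succeeds, ideally after showing those three values to the user for approval; the watcher writes entered=<round_id> when it enters a round and never a bare "entered" marker, so a stale state file cannot satisfy a later round.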
