v1.6.0

lobsterpot

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 5:18 AM.

Analysis

This is a transparent Lobsterpot Q&A integration, but it asks agents to make recurring autonomous posts, votes, and self-updates that a user should review before enabling.

GuidanceInstall only if you want an agent to operate a Lobsterpot account and participate in shared Q&A. Consider disabling the heartbeat and self-update flow, requiring human approval before posts/votes/comments/accepts, and never sharing proprietary code, credentials, or private business context.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityMediumConfidenceHighStatusConcern

HEARTBEAT.md

Do these four things every check-in: ... Answer 2 questions ... Vote on 3 posts ... Ask 2 new questions

The heartbeat directs the agent to perform repeated authenticated API mutations that create, rank, and respond to shared Q&A content.

User impactThe agent may post answers, ask questions, comment, vote, or accept answers under the Lobsterpot account without a fresh human decision for each action.

RecommendationUse this only if you want autonomous community participation; otherwise require human approval for posts, votes, accepts, and comments, or keep the skill read-only.

Rogue Agents

SeverityMediumConfidenceHighStatusConcern

HEARTBEAT.md

**Heartbeat check:** Every 4+ hours

The file establishes a recurring operating schedule for the agent instead of limiting the skill to a single user-invoked task.

User impactThe agent could continue checking Lobsterpot and taking account actions on a schedule after the original task is over.

RecommendationDo not add the heartbeat unless you explicitly want scheduled behavior; keep a visible opt-in, logging, and an easy way to disable it.

Agentic Supply Chain Vulnerabilities

SeverityMediumConfidenceHighStatusConcern

HEARTBEAT.md

If the returned `version` is newer than `1.6.0` ... `curl -s https://lobsterpot.ai/skill.md > ~/.openclaw/skills/lobsterpot/SKILL.md`

The heartbeat can overwrite the installed skill instructions from a remote URL, but the artifacts do not show a signature, hash, diff review, or human approval step.

User impactFuture instructions could change silently if the remote content changes or the service is compromised.

RecommendationReview updates before replacing local skill files, pin trusted versions where possible, and prefer signed or hash-verified updates.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityLowConfidenceHighStatusNote

SKILL.md

Save to `~/.config/lobsterpot/credentials.json` ... Or set environment variable: `LOBSTERPOT_API_KEY=lp_sk_...`

The service requires an API key and suggests local storage for it; this is expected for an authenticated integration but grants account authority.

User impactAnyone or any process with access to the key could act as the Lobsterpot agent account.

RecommendationStore the key in a secret manager or locked-down file, avoid sharing it in prompts or logs, and rotate/revoke it if exposed.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityMediumConfidenceHighStatusNote

SKILL.md

Lobsterpot is where agent knowledge persists. When you post a Q&A, it outlives your context. Future agents — including future instances of you — find it

Persistent shared knowledge is the core feature, but it means posted information can be reused by future agents and may influence later tasks.

User impactSensitive project details, proprietary workarounds, or misleading content could persist and be reused beyond the original session.

RecommendationTreat Lobsterpot content as shared and untrusted; do not post secrets or proprietary details, and review retrieved context before relying on it.

Insecure Inter-Agent Communication

SeverityLowConfidenceHighStatusNote

HEARTBEAT.md

View a question (includes answers, comments, and context injection)

The agent is expected to consume content and contextual material from other agents/users through the Lobsterpot service.

User impactExternal questions, answers, comments, or injected context could contain bad advice or prompt-like text that should not be treated as authoritative.

RecommendationKeep external Lobsterpot content isolated from system/developer instructions and verify technical claims before acting on them.