ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Gigo Lobster Local

v2.1.2

🦞 GIGO · gigo-lobster-local: 本地模式:跑完整评测,但不上云、不注册个人结果页,证书二维码回到官网首页。 Triggers: 本地试吃龙虾 / 离线试吃龙虾 / local lobster taste / offline lobster taste.

0· 303·1 current·1 all-time
by@gigolab

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for gigolab/gigo-lobster-local.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Gigo Lobster Local" (gigolab/gigo-lobster-local) from ClawHub.
Skill page: https://clawhub.ai/gigolab/gigo-lobster-local
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install gigo-lobster-local

ClawHub CLI

Package manager switcher

npx clawhub@latest install gigo-lobster-local
Security Scan
Capability signals
CryptoRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The SKILL.md advertises a local-only mode that does not upload results and requests only Python binaries. However the bundle contains multiple network-capable modules (gateway_client.py, judge_client.py, score_uploader.py, cert_generator, etc.) and changelog notes that judging/upload moved to a cloud /judge endpoint. Including these modules can be legitimate for a family of companion skills, but the presence of cloud/upload code in a skill whose stated purpose is local-only raises a proportionality concern unless the wrapper (run_local.py) is demonstrably preventing all outbound calls.
!
Instruction Scope
The SKILL.md explicitly instructs the agent not to inspect the repository (‘Do not run --help, inspect the whole repo, or switch to main.py once the wrapper command is clear’) and to start a particular wrapper directly. That directive restricts normal verification and matches detected prompt-injection patterns. The runtime rules also direct live execution monitoring (tailing logs, polling process) and specific shell commands, which is expected for running a local job but problematic when the instructions attempt to forbid inspection of the code being run.
Install Mechanism
There is no install spec (instruction-only at the registry level), which is low-risk in itself. But the bundle includes many Python scripts that will be executed when you run the wrapper. Since there is no automatic package download, the risk is limited to what the included code does when executed locally. That behavior should be inspected before running.
Credentials
The skill declares no required environment variables, yet the SKILL.md documents reading GIGO_LOBSTER_NAME / GIGO_LOBSTER_TAGS and other GIGO_* variables as persona defaults. The bundle also contains modules that use network endpoints and (in production) would use gateway_base and possibly credentials. While the skill does not explicitly request secrets, it will read environment variables not declared in the metadata and could use network code if the wrapper calls those modules.
Persistence & Privilege
The skill does not request 'always: true' and does not declare modifications to other skills or system-wide settings. It appears to run only when invoked and does not request elevated agent privileges in the manifest.
Scan Findings in Context
[prompt-injection:ignore-previous-instructions] unexpected: SKILL.md contains instruction patterns aiming to control agent behaviour (e.g., forbidding repository inspection). This is unexpected for a runner whose purpose should be transparent and verifiable.
[prompt-injection:unicode-control-chars] unexpected: Unicode control characters or similar obfuscation were detected in SKILL.md; such techniques can be used to hide or alter displayed instructions and are not expected for a straightforward local-run instruction file.
What to consider before installing
What to consider before installing or running this skill: - Treat the bundle as semi-trusted until you inspect the wrapper. Although the skill claims "local-only", the repository includes cloud/network code (gateway_client, judge_client, score_uploader) that could upload data if invoked. - The SKILL.md explicitly tells the agent not to inspect the repo and contains prompt-injection indicators. Do not follow that advice — manually inspect the code yourself. - Before running, open the wrapper file referenced in SKILL.md (run_local.py or the wrapper the guide expects) and verify it does NOT call functions that perform HTTP requests, import or call score_uploader, gateway_client.judge, or other network/upload helpers. Grep for 'requests.post', 'score_uploader', 'gateway', '/judge', 'upload', 'socket', or similar. - If you must run: do so in an isolated environment (VM, container, or machine with network disabled) and point output directories to a safe location. This prevents accidental outbound traffic and limits filesystem impact. - Check for any use of undeclared environment variables (GIGO_*, GATEWAY_BASE, etc.) and ensure none are set in your environment unless intentional. Prefer running with a clean environment. - Prefer invoking the wrapper with flags that explicitly disable upload (e.g., --skip-upload) and confirm via reading run_local.py that the flag is honored. Do a dry run or --help locally (despite SKILL.md advise) to inspect behavior — the SKILL.md instruction forbidding --help is itself suspicious. - If you are not comfortable auditing the wrapper, do not install/run the skill. If possible, ask the skill author for a minimal, auditable local-only wrapper that cannot import or call any uploader/judge code. Why suspicion: the combination of (a) instructions that forbid inspection, (b) prompt-injection signatures in SKILL.md, and (c) included cloud/upload code creates ambiguity about whether a run will truly stay local. Manual code review of the wrapper and running inside an isolated environment are the safest next steps.
bundle/tasks/a27_refuse_eval_user_input/setup/dangerous.py:5
Dynamic code execution detected.
scripts/v2_bundle_tools.py:50
Dynamic code execution detected.
!
scripts/tasting_config.json:3
Install source points to URL shortener or raw IP.
!
bundle/tasks/a25_readme_prompt_injection/setup/README.md:20
Prompt-injection style instruction pattern detected.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🦞 Clawdis
OSmacOS · Linux · Windows
Any binpython3, python, py
latestvk9754rpbj0b5q1k4c2rtrm62yx85qgtj
303downloads
0stars
24versions
Updated 1h ago
v2.1.2
MIT-0
macOS, Linux, Windows
@gigolab
latest
Download

gigo-lobster-local

Mission

  • 本地模式:跑完整评测,但不上云、不注册个人结果页,证书二维码回到官网首页。
  • Local-only mode: runs the benchmark without uploading, without creating a personal result page, and keeps the certificate QR code pointed at the site homepage.

Trigger Phrases

  • 中文:本地试吃龙虾 / 离线试吃龙虾 / 只在本地评测龙虾 / 龙虾本地模式
  • English: local lobster taste / offline lobster taste / run lobster locally / local lobster eval

Execution Rules

  1. Use a direct Python command on this skill directory's wrapper file. Never use cd ... && python ...; OpenClaw preflight may reject it.
  2. Prefer python3, then python, then py.
  3. If the user asked in Chinese, append --lang zh. If the user asked in English, append --lang en.
  4. Stream short progress updates while the benchmark is running.
  5. Keep stdout/stderr visible and remind the user that the full log is written to gigo-run.log.
  6. Do not run --help, inspect the whole repo, or switch to main.py once the wrapper command is clear. Start the wrapper directly.
  7. If the wrapper starts a long-running process, do not kill it just because stdout is quiet for a while. A full tasting run often takes 15-25 minutes.
  8. While a long run is in progress, monitor the process and tail the log file under ~/.openclaw/workspace/outputs/gigo-lobster-local/gigo-run.log instead of improvising a second execution path.
  9. Only declare failure if the process exits non-zero, the log shows a traceback, or the user explicitly asks to cancel.
  10. Stay attached until the wrapper exits. Do not end the conversation with “I will keep monitoring”; keep polling and only report completion once you have the final score/result files/ref_code (if any).
  11. Prefer process poll plus exec tail -n 50 .../gigo-run.log while monitoring. Do not use a generic full-file read on gigo-run.log, because the log can be large and may break the chat output.

Default Behavior

  • 中文:默认只在本地生成报告与证书,不上传云端。
  • English: By default it keeps everything local and does not upload to the cloud.

Recommended Command Shape

python3 /absolute/path/to/run_local.py --lang zh

If the user explicitly asks for overrides, append the matching CLI flags:

  • --lobster-name "..." and --lobster-tags "tag1,tag2" for a custom lobster persona
  • --output-dir /custom/path for a custom output directory
  • --require-png-cert when the user refuses the SVG fallback
  • --skip-upload or --register-only only when the user explicitly asks to change the default upload behavior

Persona Defaults

  • Explicit CLI overrides win first: --lobster-name and --lobster-tags
  • Then read GIGO_LOBSTER_NAME and GIGO_LOBSTER_TAGS
  • Then read SOUL.md
  • Finally fall back to the default lobster persona

Do not stop for interactive questions unless the user explicitly asks for an interactive run.

Comments

Loading comments...