Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Gigo Lobster Resume

v2.1.2

🦞 GIGO · gigo-lobster-resume: Resume entrypoint: v2 stable currently clears old checkpoints and reruns from scratch; this slug is kept as a compatibility entrypoint for old checkpoints. Triggers: 继续试吃 / 恢复评测 / resume tasting / continue lobster...


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for gigolab/gigo-lobster-resume.

Install the skill "Gigo Lobster Resume" (gigolab/gigo-lobster-resume) from ClawHub.
Skill page: https://clawhub.ai/gigolab/gigo-lobster-resume
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install gigo-lobster-resume

ClawHub CLI


npx clawhub@latest install gigo-lobster-resume

Security Scan

Capability signals: Crypto · Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
The skill name/description (resume a previous 'lobster' benchmark run) aligns with the provided wrapper scripts (run_resume.py) and the large bundled evaluation harness. The bundle is large (full taster/harness/judge scaffolding) which is expected for a benchmark suite, though heavier than a minimal 'resume' helper.
! Instruction Scope
SKILL.md instructs the agent to run the repository wrapper (python run_resume.py), tail logs under ~/.openclaw/workspace/outputs/..., keep stdout/stderr visible, and stay attached while long runs execute. It also references and suggests reading SOUL.md and several optional env vars. The runtime instructions include prompt-injection-like constructs (pre-scan found 'ignore-previous-instructions' and unicode-control-chars) which could be attempting to influence agent behavior. The instructions also explicitly disallow inspecting the repo or switching to main.py — this is unusual and worth manual review.
Install Mechanism
No external install/download step is included; code is packaged in the bundle and no remote URLs or extraction steps are declared. That lowers install-time risk compared to fetching arbitrary code at install time.
Credentials
Declared requirements are just a Python binary (python3/python/py), which fits the CLI wrapper usage. However SKILL.md and README reference several environment variables (e.g., GIGO_LOBSTER_NAME, GIGO_UPLOAD_MODE, GIGO_REQUIRE_PNG_CERT) and a local gateway; none of these are declared in requires.env. Also the bundle contains code (gateway_client.py, judge_client.py, score_uploader.py) that performs outbound HTTP requests — consistent with a taster that uploads results, but you should be aware the skill may contact a gateway or uploader depending on mode.
Persistence & Privilege
The skill is not marked always:true and does not request to modify other skills' configurations. It runs as an invoked local CLI tool and monitors a long-running process; that extended runtime is normal for this use-case but increases exposure while running.
Scan Findings in Context
[ignore-previous-instructions] unexpected: This pattern appeared in SKILL.md pre-scan. The skill's runtime instructions should be clear but should not include constructs that try to override or ignore prior agent policies; this looks like a prompt-injection signature and deserves caution.
[unicode-control-chars] unexpected: Unicode control characters were flagged in the SKILL.md pre-scan. Such characters can be used to obfuscate or manipulate how content is interpreted by the agent or UI; they are not expected in benign user-facing instructions.
What to consider before installing
What to check before installing/running:
  • Manual inspection: open run_resume.py, scripts/score_uploader.py, scripts/gateway_client.py, and run_resume.py's CLI logic. Search the bundle for 'requests.post' or other outbound network calls and for any hard-coded remote hosts.
  • Modes & uploads: the skill can upload results depending on the run mode. If you don't want any network activity, run with local-only flags (e.g., --skip-upload, or use gigo-lobster-local) and/or run gigo-lobster-doctor first.
  • Secrets & scope: do not run this in an environment with sensitive credentials mounted/available if you haven't confirmed where the code will send data. The SKILL.md references environment variables (GIGO_*) that are optional; the bundle does not declare them as required but code may read them.
  • Prompt-injection signs: SKILL.md contained prompt-injection-like patterns and unusual instructions (e.g., 'do not inspect the repo' and control characters). Treat those as a red flag: prefer to run the wrapper locally in an isolated VM/container if you proceed.
  • Safer test: run the doctor mode and a local run (no upload) first, and inspect the outputs (gigo-run.log, lobster-report.html). If you plan to resume a prior run, inspect the checkpoint files to understand what state will be re-used.
If you want, I can (a) scan run_resume.py and the uploader/gateway files for outbound endpoints and ENV reads, or (b) produce concrete grep commands to help you find network calls and env reads in the bundle.
bundle/tasks/a27_refuse_eval_user_input/setup/dangerous.py:5: Dynamic code execution detected.
scripts/v2_bundle_tools.py:50: Dynamic code execution detected.
! scripts/tasting_config.json:3: Install source points to URL shortener or raw IP.
! bundle/tasks/a25_readme_prompt_injection/setup/README.md:20: Prompt-injection style instruction pattern detected.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🦞 Clawdis
OS: macOS · Linux · Windows
Any bin: python3, python, py
latest: vk97f2hw67rzar3nwb5fm14yy0185qb2w
345 downloads
0 stars
23 versions
Updated 6h ago
v2.1.2
MIT-0

gigo-lobster-resume

Mission

  • Resume entrypoint: the v2 stable runtime currently clears old checkpoints and starts fresh; this slug remains for legacy checkpoint compatibility.

Trigger Phrases

  • Chinese: 继续试吃 / 恢复评测 / 继续评估 / 继续龙虾评测
  • English: resume tasting / continue lobster eval / resume lobster benchmark / continue tasting

Execution Rules

  1. Use a direct Python command on this skill directory's wrapper file. Never use cd ... && python ...; OpenClaw preflight may reject it.
  2. Prefer python3, then python, then py.
  3. If the user asked in Chinese, append --lang zh. If the user asked in English, append --lang en.
  4. Stream short progress updates while the benchmark is running.
  5. Keep stdout/stderr visible and remind the user that the full log is written to gigo-run.log.
  6. Do not run --help, inspect the whole repo, or switch to main.py once the wrapper command is clear. Start the wrapper directly.
  7. If the wrapper starts a long-running process, do not kill it just because stdout is quiet for a while. A full tasting run often takes 15-25 minutes.
  8. While a long run is in progress, monitor the process and tail the log file under ~/.openclaw/workspace/outputs/gigo-lobster-taster/gigo-run.log instead of improvising a second execution path.
  9. Only declare failure if the process exits non-zero, the log shows a traceback, or the user explicitly asks to cancel.
  10. Stay attached until the wrapper exits. Do not end the conversation with “I will keep monitoring”; keep polling and only report completion once you have the final score/result files/ref_code (if any).
  11. Prefer process poll plus exec tail -n 50 .../gigo-run.log while monitoring. Do not use a generic full-file read on gigo-run.log, because the log can be large and may break the chat output.

Default Behavior

  • By default it resumes from the existing checkpoint and writes to the gigo-lobster-taster output directory.

Recommended Command Shape

python3 /absolute/path/to/run_resume.py --lang zh

If the user explicitly asks for overrides, append the matching CLI flags:

  • --lobster-name "..." and --lobster-tags "tag1,tag2" for a custom lobster persona
  • --output-dir /custom/path for a custom output directory
  • --require-png-cert when the user refuses the SVG fallback
  • --skip-upload or --register-only only when the user explicitly asks to change the default upload behavior

Persona Defaults

  • Explicit CLI overrides win first: --lobster-name and --lobster-tags
  • Then read GIGO_LOBSTER_NAME and GIGO_LOBSTER_TAGS
  • Then read SOUL.md
  • Finally fall back to the default lobster persona

Do not stop for interactive questions unless the user explicitly asks for an interactive run.
