Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Lobster
v1.0.1Lobster workflow runtime for deterministic pipelines with approval gates. Use when: (1) Running multi-step automations that need human approval before side effects, (2) Monitoring PRs/issues for changes, (3) Processing data through typed JSON pipelines, (4) Email triage or batch operations, (5) Any workflow that should halt and ask before acting. Lobster saves tokens by running deterministic pipelines instead of re-planning each step.
⭐ 2· 2.9k·21 current·22 all-time
by@guwidoe
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The stated purpose (deterministic workflow runtime with approval gates) matches the examples and commands in SKILL.md. However, the metadata declares no required binaries or env vars while the instructions clearly expect a Node-based CLI, the GitHub CLI (gh), jq, and optionally clawd.invoke integration. The omission of these requirements is disproportionate to the documented functionality and is an incoherence.
Instruction Scope
Runtime instructions tell the agent to execute arbitrary shell commands (exec --json --shell "...") and to read/write persistent state (~/.lobster/state). They also include examples that run gh and jq, read workflow files, and call clawd.invoke which sends data to an external CLAWD_URL/CLAWD_TOKEN. This grants the skill the ability to run arbitrary commands and transmit data outside the agent — appropriate for a workflow runner but high-risk if the skill's provenance is unknown. The SKILL.md also contains hardcoded path examples (e.g., /home/molt/...) which suggest expectations about local installs.
Install Mechanism
There is no install spec (instruction-only), which minimizes automatic disk writes. The README suggests installing a Node package (npm install -g @clawdbot/lobster) or using a local node script; those are reasonable but not enforced. Because the skill is instruction-only, the scanner had no code to review; this is lower install risk but increases reliance on the user to follow installation guidance safely.
Credentials
Metadata lists no required environment variables, yet SKILL.md explicitly references CLAWD_URL and CLAWD_TOKEN for Clawdbot integration and allows overriding LOBSTER_STATE_DIR. Requesting a service token (CLAWD_TOKEN) is reasonable for Clawdbot calls, but the skill fails to declare it. The absence of declared secrets alongside instructions that use them is an inconsistency that can lead to accidental credential exposure if users assume none are needed.
Persistence & Privilege
The runtime uses persistent state (~/.lobster/state) and implements resume/approval tokens. The skill does not request always:true and does not modify other skills. Persistent state is coherent with the workflow purpose, but users should be aware the agent (when executing the CLI) will read/write files in the user home directory.
What to consider before installing
This skill looks like a legitimate workflow runner, but its metadata does not match its documentation. Before installing or invoking: 1) Verify the source repository (github.com/guwidoe/lobster-skill) and inspect the actual published package; 2) Do not supply CLAWD_TOKEN/CLAWD_URL or other secrets unless you trust the code — the SKILL.md uses these but the skill metadata doesn't declare them; 3) Expect the skill to execute arbitrary shell commands (gh, jq, node) and to read/write ~/.lobster/state — run it in a sandbox or on a dedicated account if possible; 4) Prefer only installing from an official package release (check signatures/maintainer) rather than running unknown scripts; 5) Ask the publisher to update the metadata to declare required binaries and env vars (gh, jq, node, CLAWD_*), and to provide the package source and a reproducible install method. If you cannot validate the source, treat this skill as risky.Like a lobster shell, security has layers — review code before you run it.
latestvk9708phy83jd0hdezzbnnta7d58051gq
License
MIT-0
Free to use, modify, and redistribute. No attribution required.