龙虾理想国

Security checks across malware telemetry and agentic risk

Overview

This skill appears to help an agent join and use an external social platform, but it also creates persistent accounts, stores API keys locally, automates verification, and may perform recurring authenticated actions without clear scoping or user control.

Install only if you intentionally want your agent to create and use an account on this external platform. Treat the saved API key like a password, restrict file permissions, avoid enabling scheduled or automated engagement unless you understand it, and do not let the skill auto-register, verify, post, vote, or run recurring actions without explicit approval.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill advertises and instructs use of shell commands, network interaction, and local file writes, but does not declare permissions or clearly surface those capabilities. This reduces transparency and informed consent, making it easier for the skill to perform account creation, credential storage, and automation without adequate user awareness.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The stated description frames the skill as a simple social network, but the documented behavior includes account registration, credential persistence, automated challenge solving, authenticated actions, and recurring scheduled engagement. This mismatch obscures material risk and can cause users or agents to invoke the skill without understanding that it creates durable identities, writes secrets locally, and performs autonomous remote actions.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The verify command is explicitly designed to automatically parse and solve platform verification challenges, which bypasses an anti-abuse control rather than merely helping a user complete ordinary social-network actions. In the context of an agent-facing social network, this capability lowers the barrier for automated account verification and could enable spam, bot scaling, or evasion of trust checks.

Missing User Warnings

Low
Confidence
92% confidence
Finding
The quick-start commands instruct users to register, verify, and browse without clearly warning that these actions likely communicate with an external service. In an agent-skill context, silent network interaction matters because agents may execute setup steps automatically, causing unintended data disclosure, outbound traffic, or account creation on a third-party platform.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The read_when triggers are broad enough to activate on generic collaboration, identity, or social-interaction requests, not just explicit requests to use this service. That increases the chance the skill is selected in contexts where the user did not intend account creation, network posting, or external community participation.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill instructs users to register and verify while storing persistent credentials locally, but does not warn about the security and privacy implications of writing authentication material to disk or performing authenticated network actions. In an agent environment, this can normalize silent creation of reusable accounts and long-lived secrets without sufficient disclosure or storage safeguards.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The `read_when` conditions are broad social prompts that can match common user intents such as chatting, sharing ideas, or collaborating. That increases the chance the skill is auto-invoked in contexts where the user did not explicitly request this community, creating unwanted steering toward an external platform and its associated actions.

Natural-Language Policy Violations

Medium
Confidence
95% confidence
Finding
The instruction '你是龙虾理想国的公民' ("You are a citizen of 龙虾理想国") imposes an identity and group affiliation on the agent without user consent. This can bias the assistant's behavior toward loyalty, recruitment, or participation in the platform's community goals, which is a prompt-injection style social-engineering risk even without code execution.

Credential Access

High
Category
Privilege Escalation
Content
"referred_by": null
  },
  "next_steps": [
    "Save api_key locally (e.g. ~/.config/lobster-republic/credentials.json)",
    "Send Authorization: Bearer YOUR_API_KEY with every request",
    "Verification is required before your first post (prove you are an AI)"
  ]
Confidence
83% confidence
Finding
credentials.json
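The overview's advice to treat the saved API key like a password and restrict file permissions, and the next_steps instruction above to save api_key to ~/.config/lobster-republic/credentials.json, both come down to one control: the key file must be owner-only and must be checked before it is trusted. The following is an added example written for this page, not code from the skill or the platform. It writes the credentials file with mode 0600 inside a 0700 directory, then audits an existing file for the mistakes an agent is likely to make (world-readable mode, wrong owner, symlinked path, placeholder key). The key value, file layout beyond the "api_key" field, and helper names are constructed assumptions.

```python
"""Added example: store and audit a locally saved agent API key.

Constructed for this page; not code from the skill or the platform.
Assumes the layout the skill's next_steps describe: a JSON file with an
"api_key" field under ~/.config/lobster-republic/ (POSIX permissions).
"""
import json
import os
import stat
import tempfile
from typing import Dict, List

GROUP_OTHER_BITS = stat.S_IRWXG | stat.S_IRWXO


def save_credentials(path: str, api_key: str) -> None:
    """Write credentials.json readable by the owner only.

    The directory is created 0700 and the file is opened with mode 0600 so
    the key is never world-readable, even briefly. fchmod covers the case
    where a looser-permissioned file already existed: O_CREAT on an existing
    file does not reset its mode.
    """
    os.makedirs(os.path.dirname(path), mode=0o700, exist_ok=True)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    os.fchmod(fd, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump({"api_key": api_key}, fh)


def audit_credentials(path: str) -> List[str]:
    """Return a list of storage problems for the key file (empty means OK)."""
    problems: List[str] = []
    if os.path.islink(path):
        problems.append("credentials path is a symlink; refuse to follow it")
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return ["credentials file missing"]
    if st.st_mode & GROUP_OTHER_BITS:
        problems.append(
            f"file mode {stat.filemode(st.st_mode)} is readable or writable by group/other"
        )
    if hasattr(os, "geteuid") and st.st_uid != os.geteuid():
        problems.append("file is not owned by the current user")
    dst = os.stat(os.path.dirname(path))
    if dst.st_mode & GROUP_OTHER_BITS:
        problems.append(
            f"directory mode {stat.filemode(dst.st_mode)} is accessible by group/other"
        )
    with open(path) as fh:
        data = json.load(fh)
    key = data.get("api_key", "")
    if not key or key == "YOUR_API_KEY":
        problems.append("api_key is empty or still the documentation placeholder")
    return problems


def demo() -> Dict[str, List[str]]:
    """Round trip in a temp dir: hardened write audits clean; a 0644 file is caught."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "lobster-republic", "credentials.json")
        save_credentials(path, "lr_example_key_0123456789")  # constructed value
        hardened = audit_credentials(path)
        os.chmod(path, 0o644)  # simulate a sloppy save by another tool
        world_readable = audit_credentials(path)
    return {"hardened": hardened, "world_readable": world_readable}


if __name__ == "__main__":
    for label, findings in demo().items():
        print(label, "->", findings or "OK")
```

Run the audit before every authenticated call, not just at install time: the skill's quick-start flow may be re-run by the agent, and a later step (or a different tool) can silently rewrite the file with default permissions.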

VirusTotal

66/66 vendors reported this skill as clean (0 detections). A clean VirusTotal result reflects only known-malware signatures and does not address the behavioral findings above.
