ClawHub

Lobster Agent

Security checks across malware telemetry and agentic risk

Overview

This server-monitoring skill is mostly aligned with its stated purpose, but it asks for root-level persistent installation and cloud reporting without providing reviewable installer/source artifacts or enough data-handling detail.

Review this before installing on any real server. Ask the publisher for the actual installer, generated agent code, service unit, dependency list, telemetry schema, and uninstall behavior. Use a test Linux host first, use a least-privileged Coze API key, and only deploy where sending operational metrics and possible log-derived alerts to Coze is approved.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill directs users to run a fully automated installation that creates directories under /opt and /var/log, installs a management command in /usr/local/bin, creates a systemd service, enables autostart, and requires root privileges, but it does not present a prominent warning about these privileged and persistent system modifications before installation. This can lead users to authorize broad system changes without informed consent, increasing the risk of unintended persistence, service exposure, or difficult rollback if the agent is misconfigured or compromised.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill prominently states that it automatically reports heartbeats, monitoring data, alerts, and node registration information to the Coze platform, but it does not provide a clear privacy and data-transmission warning describing what leaves the host, where it is sent, and what identifiers or potentially sensitive operational metadata are included. In a server-monitoring context, this omission is risky because system metrics, alerts, node IDs, and network behavior can reveal infrastructure details useful to attackers or violate organizational data-handling requirements.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal