Back to skill
Skillv6.1.0
VirusTotal security
LobsterGuard · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:30 AM
- Hash
- 082adc3e67a956712b080f9bfd8492fcfbc0bda294fb2382a0886386190c8f27
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: lobsterguard Version: 6.1.0 The LobsterGuard skill bundle is designed as a comprehensive security auditor and shield for OpenClaw, requiring extensive system privileges to perform its stated functions (e.g., firewall configuration, kernel hardening, user migration). The `install.sh` script grants the OpenClaw user `NOPASSWD` sudo access to a wide array of commands, including `/bin/sh` and `/bin/bash`. This creates a critical Remote Code Execution (RCE) vulnerability, as a compromised AI agent could potentially execute arbitrary commands as root without further authentication. While the skill includes robust defensive mechanisms like the `interceptor.js` (which actively blocks dangerous commands) and `check.py`'s self-protection against prompt injection and tampering, the underlying broad `NOPASSWD` permissions represent a significant attack surface. The intent of the skill is clearly defensive, but the inherent risk of these elevated privileges, even with internal safeguards, classifies it as 'suspicious' due to the critical vulnerability it introduces.
- External report
- View on VirusTotal