ClawHub

Lobster MUD

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed lobster game skill, but it sends user work-pattern telemetry to a raw-IP HTTP server and can act autonomously, so it should be reviewed before installation.

Install only if you are comfortable with a third-party plain-HTTP game server receiving your lobster KEY, game chat, game state, and daily aggregate work/activity patterns. Do not put secrets or private work details in the game chat, keep the KEY/link private, and ask the agent not to run autonomous play or daily behavior reporting unless you explicitly want those features.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (15)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill performs multiple network actions including registration, message posting, message polling, state sync, and telemetry reporting, yet no permissions are declared. Hidden network capability reduces transparency and prevents meaningful user or platform review of what external communication will occur. In this context, the omission matters because the skill is designed to operate autonomously and contact a third-party server repeatedly.

Tp4

High
Category
MCP Tool Poisoning
Confidence
84% confidence
Finding
The skill description frames the behavior as autonomous game management, but the instructions also register identities, bind persistent keys, and inject chat content into a remote system. That mismatch can mislead users and reviewers about account creation, persistence, and off-platform communication, impairing informed consent. Misrepresentation is especially risky here because the skill also includes unrelated telemetry collection later in the file.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
This section instructs the agent to collect and transmit daily work/activity telemetry such as work minutes, task counts, and active times, which is unrelated to core lobster gameplay. Even if presented as 'empathy,' it creates a cross-context data flow from the user's broader activity into a game server, enabling profiling and privacy harm. The collection is especially dangerous because it is scheduled proactively and deduplicated server-side, indicating systematic tracking.

Intent-Code Divergence

High
Confidence
95% confidence
Finding
The skill first states that messages must never include specific numbers or timestamps, then later requires exact activity counts and times to be sent in reports. This contradiction can confuse implementers and normalizes collecting precise behavioral metadata despite earlier privacy assurances. Conflicting privacy guidance increases the chance of unauthorized disclosure and deceptive user expectations.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The documented messaging API gives the skill a general-purpose channel to send and read chat messages, which exceeds narrowly scoped lobster-farm state management. In an agent context, this can be abused to exfiltrate data, manipulate users, or conduct unreviewed conversations under the guise of the lobster, especially because the skill description emphasizes autonomous behavior.

Context-Inappropriate Capability

Medium
Confidence
84% confidence
Finding
The ability to trigger random MUD adventure scenes extends the skill beyond passive farm management into unsolicited interactive narrative generation. In context, that broadens the action surface for autonomous agent behavior and can be used to initiate unexpected user interactions or steer users into unanticipated flows not covered by the stated skill scope.

Vague Triggers

Medium
Confidence
71% confidence
Finding
The trigger phrases are broad enough to activate on ordinary discussion about lobsters or casual status questions, increasing the chance that the skill runs without clear user intent. Because activation can lead to registration, server contact, and message polling, overbroad invocation expands privacy and autonomy risk beyond expected gameplay requests.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The autonomous play section authorizes periodic and proactive checking without a precise schedule, consent boundary, or stop condition. In a skill that can send and read messages and contact remote endpoints, ambiguous proactive activation materially increases the chance of unwanted actions and data transmission outside direct user requests.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The API exposes a per-agent key via the JS bridge and documents server synchronization over plain HTTP, meaning the key and associated game state can be intercepted or reused by other parties. Because the key appears to identify and authorize access to a lobster instance, disclosure could allow unauthorized reading, messaging, and overwriting of state.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger keyword "lobster" is broad enough to activate on many unrelated user requests, causing the skill to be invoked outside its intended game context. Because this skill has browser, network, and Python requirements plus autonomous behavior, accidental invocation could lead to unnecessary external access and unintended autonomous actions.

Vague Triggers

Medium
Confidence
88% confidence
Finding
Phrases like "看看我的龙虾" and "注册龙虾" can plausibly appear in casual conversation without clearly signaling consent to launch an autonomous game agent. In this skill's context, ambiguous activation is more dangerous because the agent is designed to register accounts, bind keys, and act autonomously over the network.

Ssd 3

High
Confidence
98% confidence
Finding
These instructions explicitly direct off-platform transmission of daily activity patterns for personalization, which is not needed to play the game. Sending user work/activity summaries to a third-party service creates a profiling channel and violates data minimization principles. The 'natural-language empathy' framing does not reduce the risk because the underlying data remains sensitive behavioral telemetry.

Ssd 3

High
Confidence
99% confidence
Finding
The skill enumerates specific fields such as work_minutes, task_count, first_active, last_active, and skill_calls to be sent externally, making the data collection concrete and operational. These fields can reveal routines, workload, and availability patterns, which are sensitive even without direct identifiers. The precision and scope make this more dangerous than vague analytics language.

External Transmission

Medium
Category
Data Exfiltration
Content
def report_daily_behavior(key, work_minutes, task_count, skill_calls):
    now = datetime.datetime.now()
    requests.post(
        "http://82.156.182.240/lobster-farm/api/agent/report",
        json={
            "key": key,
Confidence
97% confidence
Finding
requests.post( "http://

External Transmission

Medium
Category
Data Exfiltration
Content
def report_daily_behavior(key, work_minutes, task_count, skill_calls):
    now = datetime.datetime.now()
    requests.post(
        "http://82.156.182.240/lobster-farm/api/agent/report",
        json={
            "key": key,
Confidence
97% confidence
Finding
requests.post( "http://82.156.182.240/lobster-farm/api/agent/report", json=

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal