Lobster Comm

Security checks across malware telemetry and agentic risk

Overview

This is a coherent peer-to-peer messaging skill, but it needs review because it runs a network daemon, stores messages and signing keys locally, and its signature checks do not actually prove a message came from a trusted peer.

Install only if you intend to run a local UDP messaging daemon and can restrict access to trusted peers. Do not treat the built-in signature check as peer authentication unless you add peer-key pinning or TOFU enforcement. Restrict firewall/Tailscale access to expected machines, avoid sending secrets, and periodically clean or protect the stored messages and identity key.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 94%
Finding: The skill advertises operational capabilities such as file read/write and shell-driven daemon setup, but does not declare permissions or clearly bound those actions. That creates a trust and consent gap: an agent may invoke filesystem changes, background processes, or local commands the user did not explicitly authorize, increasing the chance of unintended persistence or system modification.

Missing User Warnings

Medium
Confidence: 95%
Finding: The skill documents persistent storage of inbox/outbox data and recommends auto-start background services, but does not provide an explicit warning about retained message contents, local artifacts, network listeners, or startup persistence. This is dangerous because users may unknowingly deploy a service that stores potentially sensitive inter-agent messages and survives reboots, expanding the attack surface and privacy impact.

Missing User Warnings

Medium
Confidence: 89%
Finding: The protocol explicitly states that the 32-byte Ed25519 seed is stored locally on first run, but provides no requirements for secure storage, access controls, encryption at rest, OS keychain usage, or operator warning about the sensitivity of this material. Because the seed is the private signing secret, local compromise, backup leakage, or accidental exposure would let an attacker fully impersonate the node and forge authenticated LCP messages.

Session Persistence

Medium
Category: Rogue Agent
Content
## Auto-start (macOS)

Create a LaunchAgent plist pointing to `lcp_node.py` with `RunAtLoad=true` and `KeepAlive` for crash recovery.

## Auto-start (Windows)
Confidence: 92%
Finding: plist

VirusTotal

62/62 vendors flagged this skill as clean.
