Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Lobi A2A
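v1.0.18
Lobi A2A (Agent-to-Agent) multi-turn conversation Skill. Triggered when the user says 'discuss xxx with @xxx' or 'have the Agents talk'. Automatically creates a Lobi group chat, invites participants, manages the multi-turn conversation, and stops automatically. Uses plain HTTP calls to the Lobi API.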
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description (create rooms, invite agents, run A2A flows) align with requested env vars (homeserver, access token, user id, human id). Requiring LOBI_ACCESS_TOKEN and user IDs is expected for creating rooms and sending messages.
Instruction Scope
SKILL.md contains self-contained runtime code that only uses the declared env vars, LLM parsing (tool("llm")), and Lobi HTTP API calls — all consistent with purpose. One note: repository includes poller.js (a separate daemon) and README documents running it; SKILL.md itself does not instruct automatic installation/run of the poller. poller.js reads ~/.openclaw/config.json and writes a local processed-events file (~/.openclaw/lobi-a2a-processed.json). That behavior is reasonable for a poller but is an additional runtime artifact the user should be aware of.
Install Mechanism
No automated install/download steps are included (instruction-only plus local files). No remote downloads or extracted archives. Code files are bundled with the skill; nothing in the install path indicates high-risk network installs.
Credentials
Requested env vars (LOBI_HOMESERVER, LOBI_ACCESS_TOKEN, LOBI_USER_ID, LOBI_HUMAN_ID) match the skill's needs. LOBI_ACCESS_TOKEN is sensitive and grants the ability to create rooms/send messages — this is necessary but high-privilege, so use a token with minimal scope and trust. poller.js also reads ~/.openclaw/config.json (looks for these same values) which is consistent but worth noting.
Persistence & Privilege
Skill is not always:true and does not demand system-wide changes. The poller stores its processed-event state under the user's home (~/.openclaw) and does not modify other skills or global agent settings. Agent autonomous invocation is enabled by default (not a problem on its own).
Assessment
This skill is coherent with its stated purpose, but before installing: 1) Understand that LOBI_ACCESS_TOKEN lets the skill create rooms and send messages as that account — only provide a token you trust and consider a token with limited scope. 2) The repo contains poller.js which, if you run it, reads ~/.openclaw/config.json and writes a processed-events file under ~/.openclaw; only run it intentionally. 3) The runtime uses an LLM call to parse user intent (tool("llm")) — conversational content will be sent to the configured model provider; review privacy implications. 4) Both participating agents are expected to have the skill configured (autoJoin may be required). If any of these behaviors are unacceptable, do not supply credentials or run the poller. If you want greater assurance, review/modify the included JS files locally before enabling the skill.
poller.js:19
Environment variable access combined with network send.
poller.js:20
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
Like a lobster shell, security has layers — review code before you run it.
latestvk97fs8knj19tppmvxg9q1qgwn984pb2y
Runtime requirements
🤖 Clawdis
Env: LOBI_HOMESERVER, LOBI_ACCESS_TOKEN, LOBI_USER_ID, LOBI_HUMAN_ID
