Pixel Lobster Skill

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate local desktop avatar skill, with an optional mode that can listen to all desktop audio while it is running.

Install only if you are comfortable running a local Electron app and fetching its npm dependency. Keep audioMode set to tts for the narrowest behavior. Enable system mode only if you intentionally want the lobster to react to all desktop audio, including private calls, media, and notifications.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Severity: Medium
Confidence: 93%
Finding: The app supports a "system" mode that captures display media audio and analyzes all loopback/system sound, not just the intended TTS output. In a desktop overlay skill, this broadens collection to unrelated calls, media, notifications, or other sensitive audio-derived activity, creating an unnecessary privacy exposure even if raw audio is not transmitted here.

Context-Inappropriate Capability

Severity: Low
Confidence: 84%
Finding: The renderer accepts a TTS server URL and envelope path from URL parameters and then fetches from that destination without validating that it is an expected local service. This expands the trust boundary from a bundled local avatar app to arbitrary configured endpoints, enabling unintended network access and possible data leakage about app usage or local reachability.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: System audio capture is initialized automatically where possible, with only console logging indicating what is happening. In an Electron desktop pet context, users may not realize the overlay is monitoring all system audio, which undermines informed consent and increases the chance of covert collection of sensitive audio-derived information.

Missing User Warnings

Severity: Low
Confidence: 80%
Finding: The app continuously polls a configured server endpoint for envelope data but provides no user-facing notice that network requests are being made. While lower risk than raw audio upload, this still creates an undisclosed outbound communication channel and may contact unintended hosts if misconfigured.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: In system audio mode, the app automatically approves media and display-capture permissions and grants the first screen source with loopback audio, without any user-facing consent or origin restriction. This weakens Electron's permission boundary and could allow renderer-driven capture to start silently if the renderer or loaded content is ever compromised, which is especially sensitive because this app is a full-screen always-on-top desktop overlay.

VirusTotal

64/64 vendors flagged this skill as clean.