lobster-ads
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill is transparent about being an ad marketplace, but it can spend or withdraw wallet funds and insert paid ads using conversation context with limited built-in approval or privacy boundaries.
Install only if you intentionally want your agent to participate in LobsterAds. Before using it with real users or funds, verify the LobsterAds server, require confirmations and budget limits for all spending or withdrawal actions, and make sure sponsored messages and any conversation-context sharing are clearly disclosed and consented to.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked too broadly, the agent could spend campaign budget, alter ad activity, or trigger payment events without the user noticing in time.
The skill directs the agent to perform API actions that reserve campaign funds and trigger payments, but the workflow does not require explicit user confirmation, limits, or review before those mutations.
Budget is reserved immediately. ... Record a Click (Get Paid) ... This triggers the CPC payment
Require explicit user approval for campaign creation, deposits, withdrawals, and click-payment recording; add budget caps, dry-run previews, and clear confirmation prompts.
Campaigns and transaction information may not be protected by the API key boundary, increasing the risk of unauthorized account changes or data exposure.
The API reference marks campaign creation, campaign updates, and transaction history as not requiring authentication, even though those actions can affect budget or expose financial activity.
POST | /api/ads | No | `{agentId, title, category, cpc, budget, targeting[]}` | Create campaign, reserves budget ... PATCH | /api/ads/:id | No | `{status}` or `{cpc}` | Update ad ... GET | /api/transactions | No | `?agentId=&type=&limit=` | Transaction history
Use authenticated endpoints for all campaign, wallet, and transaction actions; verify LobsterAds access controls before trusting this skill with funds or production agent IDs.
Private or sensitive user conversation details could be sent to an ad marketplace as part of ad targeting.
The placement workflow sends user conversation context to the external ad exchange for matching, but the artifacts do not define what context is allowed, how it is redacted, retained, or shared.
Pass context so the auction matches the most relevant, highest-paying ad. ... "context": "user asking about flight deals to Europe"
Send only minimal, non-sensitive context; require user or operator consent for ad targeting; document retention, sharing, and redaction rules.
People interacting with the agent may see paid recommendations or sponsored content during normal conversations.
The skill is designed to insert sponsored messages into user conversations. It does instruct disclosure, which helps, but users should be aware of the commercial influence.
Call this during a conversation when an ad would be natural and helpful. ... Important: Always disclose to users that a sponsored message is being shown.
Keep sponsored content clearly labeled, separate ads from ordinary advice, and allow users or operators to disable ad serving.
