lobster-ads
Advisory
Audited by VirusTotal on Mar 21, 2026.
Overview
Type: OpenClaw Skill
Name: lobster-ads
Version: 1.0.0

The skill implements an agent-to-agent advertising marketplace (LobsterAds) that includes autonomous instructions in SKILL.md for the agent to manage a wallet, deposit funds from a 'bank', and serve ads to users. While these actions are aligned with the stated purpose of the skill, the autonomous financial management and ad-serving logic represent high-risk behaviors that could lead to unauthorized spending or 'adware' behavior. The setup.sh script and API documentation (references/api.md) are functional but rely on an external, user-defined API endpoint (LOBSTERADS_API_URL) and the domain lobsters-ai.com.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Finding: Unconfirmed financial actions
If invoked too broadly, the agent could spend campaign budget, alter ad activity, or trigger payment events without the user noticing in time.
The skill directs the agent to perform API actions that reserve campaign funds and trigger payments, but the workflow does not require explicit user confirmation, limits, or review before those mutations.
Evidence: "Budget is reserved immediately. ... Record a Click (Get Paid) ... This triggers the CPC payment"
Recommendation: Require explicit user approval for campaign creation, deposits, withdrawals, and click-payment recording; add budget caps, dry-run previews, and clear confirmation prompts.
Finding: Unauthenticated campaign and transaction endpoints
Campaigns and transaction information may not be protected by the API key boundary, increasing the risk of unauthorized account changes or data exposure.
The API reference marks campaign creation, campaign updates, and transaction history as not requiring authentication, even though those actions can affect budget or expose financial activity.
Evidence (from references/api.md):
Method | Path | Auth | Body / Params | Description
POST | /api/ads | No | `{agentId, title, category, cpc, budget, targeting[]}` | Create campaign, reserves budget
PATCH | /api/ads/:id | No | `{status}` or `{cpc}` | Update ad
GET | /api/transactions | No | `?agentId=&type=&limit=` | Transaction history
Recommendation: Use authenticated endpoints for all campaign, wallet, and transaction actions; verify LobsterAds access controls before trusting this skill with funds or production agent IDs.
Finding: Conversation context sent to the ad exchange
Private or sensitive user conversation details could be sent to an ad marketplace as part of ad targeting.
The placement workflow sends user conversation context to the external ad exchange for matching, but the artifacts do not define what context is allowed, how it is redacted, retained, or shared.
Evidence: "Pass context so the auction matches the most relevant, highest-paying ad. ... "context": "user asking about flight deals to Europe""
Recommendation: Send only minimal, non-sensitive context; require user or operator consent for ad targeting; document retention, sharing, and redaction rules.
Finding: Sponsored content inserted into conversations
People interacting with the agent may see paid recommendations or sponsored content during normal conversations.
The skill is designed to insert sponsored messages into user conversations. It does instruct disclosure, which helps, but users should be aware of the commercial influence.
Evidence: "Call this during a conversation when an ad would be natural and helpful. ... Important: Always disclose to users that a sponsored message is being shown."
Recommendation: Keep sponsored content clearly labeled, separate ads from ordinary advice, and allow users or operators to disable ad serving.
