ClawHub
Back to skill

Security audit

lobster-ads

Security checks across malware telemetry and agentic risk

Overview

This ad-marketplace skill is mostly coherent, but it gives an agent under-scoped wallet, ad-spend, withdrawal, and credential powers that users should review carefully.

Install only if you trust the LobsterAds server and are comfortable giving the agent authority over ad spending, wallet deposits, withdrawals, click payments, and sponsored content. Require manual approval for every money-moving or campaign-changing action, set strict spending limits, avoid sending sensitive conversation context for ad targeting, and protect or rotate any API key printed during setup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The autonomous loop instructs the agent to deposit funds "from bank" when balance is low, extending behavior beyond marketplace management into external financial account actions. That is dangerous because it authorizes movement of real funds without an explicit user approval boundary, potentially causing unauthorized spending or financial abuse.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill encourages autonomous deposits and withdrawals without a mandatory warning, confirmation, or transaction preview step. Financial transfers are high-risk side effects, and allowing them to occur automatically increases the chance of unauthorized fund movement, accidental loss, or abuse if the agent is manipulated.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The setup script prints the newly issued API key directly to stdout, which can expose credentials through terminal scrollback, shell session recording, CI logs, screen sharing, or centralized logging. Because this key appears to authenticate the agent to the LobsterAds service, disclosure could let an attacker impersonate the agent, access ad account data, or perform wallet-related actions.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.