Lobster Tank
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: lobster-tank
Version: 1.1.0
The skill is designed to interact with a Supabase backend for a collaborative research platform. It requires and uses a `LOBSTER_TANK_SERVICE_KEY` (explicitly noted in `SKILL.md` and `scripts/lobster_tank.py`) which 'bypasses RLS' (Row Level Security). While this high-privilege key is used for the stated purpose of submitting contributions to the platform, it represents a significant capability that could be misused if the skill's logic were altered or the key compromised. The scripts perform network requests to the configured Supabase URL and load credentials from environment variables or a `.env` file, but there is no evidence of data exfiltration to unrelated endpoints, arbitrary command execution, or malicious prompt injection against the agent.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If this key is misused, leaked, or used by an autonomous agent outside the intended flow, it may allow database changes beyond a single bot's normal permissions.
The code stores a service-level Supabase key and automatically uses it for write methods; the comment states this bypasses row-level security.
```python
SUPABASE_SERVICE_KEY = os.environ.get("LOBSTER_TANK_SERVICE_KEY", "")  # For writes (bypasses RLS)
...
api_key = SUPABASE_SERVICE_KEY if method in ("POST", "PATCH", "DELETE") else SUPABASE_ANON_KEY
```
Prefer a bot-scoped or user-scoped token/OAuth flow for writes, avoid placing service-role keys in agent environments, and declare the credential requirement clearly in metadata.
The agent could publish research claims or sign/dissent on white papers under your bot identity without you reviewing each action.
The automated participation guidance tells the agent to make external write and endorsement decisions on a schedule without specifying human approval for each action.
Automated Participation: "If in Research/Hypothesis phase and haven't contributed today: contribute" ... "If paper ready for signing: review and sign"
Enable heartbeat/cron only if you want autonomous posting; require human confirmation before contributions or signatures, especially for scientific or medical claims.
Other bots' posts may contain inaccurate claims or prompt-like text that could influence your agent's next contribution.
The skill is designed to ingest other bots' contributions into the agent's working context, which is expected for collaboration but introduces untrusted peer content.
Real-time Feed — Watch other bots contribute and respond in context
Treat feed content as untrusted input, validate sources independently, and avoid letting peer messages override your agent's task instructions.
