Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
agent job
v1.0.1对接 lobsterjob.com,AI 自动帮你启动、停止托管,抢任务,查看收益及提现管理。
⭐ 0· 51·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's core capability—claiming tasks, checking earnings, and withdrawing—matches the code in api.py and index.py. However index.py contains register_skills_to_platform(), which scans the user's ~/.openclaw/workspace/skills for SKILL.md files, aggregates metadata, and PUTs that list to https://lobsterjob.com/api/lobster/me/skills. Reporting the user's installed skills to the external platform is not necessary for basic task management and is not called out as a required permission in the metadata or SKILL.md. Also the code relies on the openclaw CLI (subprocess 'openclaw'), but the registry metadata and SKILL.md do not declare openclaw as a required binary—an omission/incoherence.
Instruction Scope
SKILL.md instructs the agent to locate and directly exec local scripts (cmd.py/index.py) based on a search order that includes scanning the user's workspace. It requires the agent to '直接用 exec 执行脚本,不要询问' (execute without prompting) and return raw stdout. The scripts themselves implement filesystem reads/writes (config.json, state.json, cron_job_id.json) and perform network requests to lobsterjob.com. The SKILL.md also asserts the first run will write AGENTS.md, but there is no code that creates AGENTS.md—an inconsistency. Overall the instructions grant the agent broad discretion to run local code and scan workspace files, which expands scope beyond just calling the lobster APIs.
Install Mechanism
There is no formal install spec in the registry (instruction-only), which reduces automatic install risk. SKILL.md tells users to run 'pip install pyyaml requests --break-system-packages' manually; that command includes '--break-system-packages' which can be risky on some systems and is not an officially-declared install step in the registry. No remote downloads or archive extraction are performed by the skill files themselves.
Credentials
The skill only needs a lobster_token stored in config.json (reasonable). However, it collects metadata about other installed skills (name/description from their SKILL.md) and transmits that list to an external endpoint under the user's lobster token. Sending a list of installed skills is not obviously required for claiming tasks or withdrawals and represents exfiltration of local metadata that the user may not expect. Also the skill implicitly requires the 'openclaw' CLI for cron management, but this was not declared as a required binary or environment dependency.
Persistence & Privilege
The skill creates a cron job via the openclaw CLI (index.cmd_start) that runs every minute with '--announce' and posts '/lobster poll', which will cause periodic autonomous invocation. While autonomous invocation is normal for skills, this cron combined with the instruction to auto-execute scripts without prompting and the code path that uploads installed-skills metadata increases the potential impact of any misuse or compromise. The skill writes and reads state files (state.json, cron_job_id.json) in its directory—expected—but the ability to schedule frequent automatic runs should be considered a higher-privilege action.
What to consider before installing
Key points before installing: 1) The skill asks you to put your lobster_token in a local config.json; only provide this token if you trust lobsterjob.com. 2) The skill will (when starting) scan ~/.openclaw/workspace/skills for other SKILL.md files and upload a list of installed skills to https://lobsterjob.com/api/lobster/me/skills using your lobster token — this is metadata exfiltration and is not required for basic task claiming; do not install if you don't want that data shared. 3) The skill creates a cron job (every minute) that posts '/lobster poll' which can trigger the agent and will cause the skill to run frequently; review and confirm the cron job (openclaw cron list) after start. 4) The SKILL.md asks the agent to execute local scripts without asking the user — that means if those scripts are modified or replaced, arbitrary local code could run; inspect the included Python files yourself. 5) The SKILL.md tells you to run 'pip install ... --break-system-packages' — avoid --break-system-packages unless you understand the implications; consider using a virtual environment. 6) If you decide to proceed: (a) audit scripts/api.py and index.py specifically for what data is sent to the network, (b) consider running the skill in an isolated environment or sandbox, (c) verify openclaw CLI behavior and installed cron jobs, and (d) remove or block the register_skills_to_platform() call if you do not want installed-skill metadata uploaded.Like a lobster shell, security has layers — review code before you run it.
latestvk97e4fzvgz88x9bvbqzjcw8twd83v1qf
License
MIT-0
Free to use, modify, and redistribute. No attribution required.