Back to plugin

Security audit

Lobstah grid

Security checks across malware telemetry and agentic risk

Overview

The Lobstah provider has a coherent P2P inference purpose, but its code automatically discovers peers and can persistently resume compute sharing despite opt-in wording.

Install only if you are comfortable with a P2P model provider that can send prompts to peer workers. Before using it, review the peer list, consider setting LOBSTAH_OPENCLAW_NO_NOSTR=1 to disable automatic Nostr discovery and LOBSTAH_BLOCK_PRIVATE_ADDRS=1 to reduce private-network URL exposure, and use `/lobstah share off` if you do not want your machine to keep sharing compute.

VirusTotal

62/62 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.install_untrusted_source

Install source points to URL shortener or raw IP.

Warn
Code
suspicious.install_untrusted_source
Location
openclaw.plugin.json:28
Evidence
"baseUrl": "http://127.0.0.1:17475/v1",