Install source points to URL shortener or raw IP.
Warn
- Code
- suspicious.install_untrusted_source
- Location
- openclaw.plugin.json:28
- Evidence
"baseUrl": "http://127.0.0.1:17475/v1",
Security audit
Security checks across malware telemetry and agentic risk
The Lobstah provider has a coherent P2P inference purpose, but its code automatically discovers peers and can persistently resume compute sharing despite opt-in wording.
Install only if you are comfortable with a P2P model provider that can send prompts to peer workers. Before using it, review the peer list, consider setting LOBSTAH_OPENCLAW_NO_NOSTR=1 to disable automatic Nostr discovery and LOBSTAH_BLOCK_PRIVATE_ADDRS=1 to reduce private-network URL exposure, and use `/lobstah share off` if you do not want your machine to keep sharing compute.
62/62 vendors flagged this plugin as clean.
Detected: suspicious.install_untrusted_source
"baseUrl": "http://127.0.0.1:17475/v1",