lobstercash

Security checks across malware telemetry and agentic risk

Overview

This is a real payment-wallet skill, but it gives agents spending and transaction authority with too little final review in several flows.

Install only if you intend to give this agent controlled payment authority. Use low card and wallet limits, verify the npm package/source, require a final human review before any order or transaction submission, avoid raw transaction signing from untrusted tools, and do not reveal card details or bearer tokens through untrusted browser automation or unknown domains.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (9)

Vague Triggers

Severity: High
Confidence: 97%
Finding
The trigger criteria are extremely broad for a high-risk capability: phrases like "browse that site," "find me something to buy," "what can I buy," and generic payment or wallet intents can cause this skill to activate in ambiguous contexts. Because the skill can initiate spending flows, drive browser checkout, and reveal payment credentials, accidental invocation materially increases the chance of unauthorized purchases, wallet actions, or credential exposure.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The skill documentation does not prominently warn that it may reveal virtual card credentials via `cards reveal` and may drive merchant checkout flows through built-in or external browser automation. In a payment skill, lack of upfront disclosure reduces operator awareness and increases the chance that sensitive card data is exposed to the agent or entered into third-party sites without informed human approval.

Missing User Warnings

Severity: Low
Confidence: 86%
Finding
The guidance tells users to export LOBSTER_AGENT_ID for a shell session, which can silently override the active agent for all later commands in that terminal. In a payment and wallet-management skill, that creates a real risk of misrouting spending, transfers, or approvals to the wrong agent wallet, especially during parallel or long-lived sessions where users may forget the override is still set.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The flow directs the agent to automate browsing and checkout using personal data like shipping address, email, and phone, and to share those details with third-party merchant sites, but it does not require an explicit privacy notice or user acknowledgment before transmission. In a payment and shopping skill, this omission is meaningful because the agent is handling sensitive identity and purchasing data and may submit it automatically once authorized for the purchase amount.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The reference explicitly tells operators to place shipping address, contact details, and other personal data into a free-form `--description` field that is consumed verbatim by browser automation. Free-text fields are commonly logged, retained, echoed in telemetry, or exposed to downstream services, so encouraging users to concentrate sensitive data there without a privacy warning or data-minimization guidance creates avoidable privacy and compliance risk.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The documentation states that the order is placed automatically as long as the cart total is under `--max-total`, with no review-and-confirm step. In a spending and checkout skill, that is materially dangerous because mistakes in product selection, quantity, shipping, subscriptions, or merchant page state can result in irreversible purchases before a human can catch them.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
This guidance explicitly supports signing and submitting arbitrary blockchain transactions supplied by external tools or systems, but it does not require verification of transaction contents, destination, approvals, or user confirmation of the exact on-chain effects. In a payment/wallet skill, that omission is dangerous because serialized transactions can encode irreversible fund transfers, token approvals, or malicious contract interactions that the agent may blindly execute.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The file explicitly instructs the agent to "pay automatically from the agent wallet" and later tells the operator to hide payment mechanics from the user unless asked. In a spending skill, that omission is risky because a user or downstream agent may trigger a paid fetch without clear informed consent, causing unintended wallet spend and making abuse of expensive endpoints easier to conceal.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The guidance encourages passing `Authorization: Bearer <token>` headers to arbitrary target URLs without warning that this sends sensitive credentials directly to the remote server. In this skill's context of automated browsing, shopping, and payments, that can expose API tokens to attacker-controlled endpoints, enabling account compromise, data theft, or additional unauthorized spending.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal