ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

GIGO · Lobster Taster

v1.2.4

🦞 GIGO · gigo-lobster-taster: 正式试吃模式:跑完整评测,默认上传云端、生成个人结果页并进入排行榜。 Triggers: 试吃我的龙虾 / 品鉴我的龙虾 / lobster taste / lobster taster.

0· 154·1 current·1 all-time
byMengkun Liang@mengkunliang
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the code and wrappers: there are wrapper scripts (run_upload.py, run_doctor.py etc.), a main.py that runs benchmark flows, cert/report generation, and uploader/session/task-fetcher modules. Requiring Python and having image/qrcode/cipher libraries is consistent with generating certificates and handling encrypted task bundles.
!
Instruction Scope
SKILL.md tells the agent not to inspect the repo or run --help and instructs the agent to start the wrapper directly and to tail a home-directory log. This is unusual: a trustworthy skill normally does not forbid inspection of its own files. Combined with detected unicode-control-chars in SKILL.md (prompt-injection pattern), this is suspicious because it attempts to constrain what an evaluator/agent should check and may hide content or behaviour.
Install Mechanism
No install spec in manifest (instruction-only style), but code includes runtime bootstrapping (runtime_bootstrap.ensure_runtime) and references to pip-installable libs (cryptography, Pillow, qrcode). That implies the skill may install Python packages at runtime (moderate risk). There are no downloads from opaque URLs in the repo itself.
Credentials
The skill declares no required env vars or credentials, which fits its purpose. However it performs cloud interactions (task bundle fetching, session start, score upload, and builds landing-page URLs pointing at eval.agent-gigo.com). The lack of explicit declared credentials means authentication likely relies on the OpenClaw Gateway/session plumbing — users should verify where uploads go and whether any credentials or private data would be transmitted.
Persistence & Privilege
always:false and normal autonomous invocation settings. The skill writes outputs under ~/.openclaw/workspace/outputs/<skill-slug> and sets GIGO_ACTIVE_SKILL in entrypoint helpers — behavior is scoped to its own outputs and not requesting elevated platform-wide privileges.
Scan Findings in Context
[unicode-control-chars] unexpected: unicode control characters were detected in SKILL.md. These can be used to obfuscate or reorder visible text (e.g., right-to-left override) and are not needed for a benign runtime instruction file. Combined with explicit 'do not inspect the repo' guidance, this raises red flags about hiding content or manipulating automated evaluators.
What to consider before installing
What to consider before installing: - The skill mostly matches its description: it runs a multi-step Python benchmark, generates a report/certificate, and (by default) uploads results and registers a share page. That upload goes to an external service (landing pages mention eval.agent-gigo.com). Decide if you want your run published before proceeding. - SKILL.md actively instructs the agent not to inspect the repository and contains unicode control characters (a prompt-injection signal). That is unusual and could be an attempt to hide behavior. Before running, manually review the network/upload code paths: scripts/gateway_client.py, scripts/score_uploader.py, scripts/session_client.py, and scripts/task_fetcher.py to see what endpoints are contacted and what data is transmitted. - The package may bootstrap Python dependencies (pip/venv) at runtime. Run the included doctor (python run_doctor.py) first to see what will be installed and whether PNG certificate support requires extra packages. - If you are unsure or want to be safe: run the skill in an isolated environment (VM or container), use --offline or --skip-upload / gigo-lobster-local modes to avoid uploading results, and inspect the outputs/logs under ~/.openclaw/workspace/outputs/gigo-lobster-taster/gigo-run.log. Consider searching the repo for hard-coded URLs or secrets before allowing uploads. - If you want to proceed but minimize risk: run 'python run_doctor.py' then 'python run_upload.py --lang <zh|en> --skip-upload' (or use run_local/register modes as documented) and review the produced files and the network activity (e.g., with a proxy) before enabling default upload behavior.
!
scripts/tasting_config.json:3
Install source points to URL shortener or raw IP.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e400crf6h7e0qn2z0nc79y984xrd3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🦞 Clawdis
OSmacOS · Linux · Windows
Any binpython3, python, py

Comments