ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Lobster Farmer Feeder

v0.1.2

Feed lobsters in the Lobster Farmer game by calling the local CLI command `lobster-farmer feed` with `--model`, `--input-tokens`, `--output-tokens`, and opti...

0· 382·0 current·0 all-time
byMuRong@murongg
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The SKILL.md and agent manifest align with the stated purpose (invoking the local `lobster-farmer` CLI to feed lobsters). One minor omission: the instructions assume a Node.js runtime and a project-local CLI binary (bin/lobster-farmer.cjs) or an installed `lobster-farmer` command, but the skill does not declare these as required binaries. This is expected for an instruction-only skill but the user should confirm those prerequisites exist before running it.
Instruction Scope
Instructions stay within scope: check service status, start it if necessary, and run `lobster-farmer feed` with model/token/emotion args. The instructions reference only project-local paths and the CLI; they do not ask the agent to read unrelated files, environment variables, or send data to external endpoints.
Install Mechanism
No install spec or external downloads — lowest-risk model. Nothing will be written to disk by the skill itself; it only instructs running an existing local CLI/service.
Credentials
The skill requests no environment variables or credentials. It does imply the ability to execute local commands and to start/stop a local service, which is proportionate to the stated purpose.
Persistence & Privilege
always is false and the skill does not request persistent or elevated platform privileges. Note: as with any skill that runs local commands, the agent (when invoked) needs permission to execute CLI commands and manage the local service.
Assessment
This skill is instruction-only and appears coherent, but check these before installing: 1) Confirm you have the Lobster Farmer CLI (or Node.js and the project with bin/lobster-farmer.cjs) in the expected project root—otherwise the commands will fail. 2) Be aware the agent will run local commands and may start a local service (ensure you trust the project and its binaries). 3) There are no external endpoints or credentials requested by the skill, but if you run it, validate the CLI is from a trusted source. 4) If you do not want an agent to execute host commands autonomously, avoid enabling autonomous invocation for this skill or review agent permissions.

Like a lobster shell, security has layers — review code before you run it.

latestvk971pncxf0nm22pwtfdz0xkg5h827rpm
382downloads
0stars
3versions
Updated 18h ago
v0.1.2
MIT-0
MuRong@murongg
latest
Download

Lobster Farmer Feeder

Feed model-specific lobsters by invoking the local CLI and report the resulting growth metrics.

Workflow

  1. Confirm command context.
  • Run from the Lobster Farmer project root where bin/lobster-farmer.cjs exists.
  • Prefer the installed command lobster-farmer; use node ./bin/lobster-farmer.cjs as fallback.
  1. Ensure service is reachable.
  • Check status first:
lobster-farmer status
  • If stopped, start service:
lobster-farmer start
  • Respect explicit user port preference with --port.
  1. Execute feed command.
  • Single feed:
lobster-farmer feed --model "<model>" --input-tokens <n> --output-tokens <m> [--emotion "<text>"] [--port <p>]
  • Short flags:
lobster-farmer feed -m "<model>" -i <n> -o <m> [-e "<text>"] -p <p>
  1. Return result to user.
  • Include model name, input/output token values, emotion, lobster total tokens, feed count, and size.
  • If requested, run multiple feed commands sequentially and summarize each result.

Parameter Rules

  • Require model as non-empty string.
  • Require input_tokens + output_tokens > 0.
  • emotion is optional; if omitted, UI should show ?.
  • Keep token values as integers and non-negative.
  • If user gives only a single total token value, default to: input_tokens = total, output_tokens = 0, unless user specifies another split.

Error Handling

  • feed request failed: fetch failed: Service is not running or port is wrong. Start server and retry.
  • API validation errors: Relay backend message directly (for example invalid token values).
  • Port mismatch: Retry with explicit --port matching the running service.

Quick Examples

  • Feed one lobster:
lobster-farmer feed --model gpt-4.1 --input-tokens 800 --output-tokens 400
  • Feed with emotion:
lobster-farmer feed --model gpt-4.1 --input-tokens 800 --output-tokens 400 --emotion "focused"
  • Feed different models:
lobster-farmer feed --model claude-3.7 --input-tokens 1200 --output-tokens 300
lobster-farmer feed --model qwen-max --input-tokens 600 --output-tokens 200

Comments

Loading comments...