Lobster Farmer Feeder

Security checks across malware telemetry and agentic risk

Overview

This is a narrowly scoped helper for a local Lobster Farmer game CLI, with no evidence of hidden data access or malicious behavior.

Install this only if you use the Lobster Farmer project. Before running it, verify you are in the correct project root and that `lobster-farmer` resolves to the expected local command, especially before allowing service start or batch feed operations.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The skill description includes broad triggers like 'Use this skill when the user asks to feed a lobster, simulate model usage, batch-feed multiple models, or update growth state and emotion through the running local service,' which can match ordinary user requests without clearly requiring explicit game context. Because the skill executes a local CLI and may start a local service, overbroad activation increases the chance of unintended command execution in response to ambiguous prompts.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal