LobsterOps

Security checks across malware telemetry and agentic risk

Overview

LobsterOps is a coherent agent observability tool, but users should treat its logs as sensitive because they can include prompts, reasoning, tool inputs, outputs, and errors.

Before installing, assume LobsterOps logs may contain private prompts, internal reasoning, tool arguments, tool results, credentials, customer data, and errors. Prefer local or in-memory storage for sensitive work; enable PII filtering and test it by logging a known dummy secret and confirming it is actually scrubbed from the stored record rather than assuming the filter catches it; set short retention; restrict access to log files or Supabase tables; and avoid broad Supabase service-role keys unless you have locked down the deployment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Context-Inappropriate Capability

Severity: Medium
Confidence: 80%
Finding
This backend exposes broad bulk deletion primitives over observability events with flexible filters and no safeguards in this layer, such as role checks, confirmation barriers, or append-only enforcement. In a flight recorder/debug console, that makes log tampering and loss of forensic evidence easier if a higher layer mistakenly exposes these methods to less-trusted callers, including the agent whose actions the logs are meant to record.
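The safeguards this finding says are missing can be enforced in the sink layer itself. The following is an added example, not LobsterOps code; the store class, the `retention-admin` role name and the `deletion` tombstone event kind are assumptions for illustration. The delete path refuses callers without the role, refuses a delete with no filter at all, never removes its own tombstones, and records each deletion as an event so the trail still shows who removed what.

```typescript
// Added example, not LobsterOps code: an event sink whose bulk deletion
// path checks the caller's role, rejects unbounded filters, protects
// deletion tombstones, and logs the deletion itself.

type AgentEvent = { id: number; kind: string; runId: string; body: string };
type DeleteFilter = { runId?: string; kind?: string };
type Caller = { name: string; roles: string[] };

// Hypothetical role name; in a real deployment this comes from the auth layer.
const DELETE_ROLE = "retention-admin";

class GuardedEventStore {
  private events: AgentEvent[] = [];
  private nextId = 1;

  append(kind: string, runId: string, body: string): AgentEvent {
    const ev: AgentEvent = { id: this.nextId++, kind, runId, body };
    this.events.push(ev);
    return ev;
  }

  count(): number {
    return this.events.length;
  }

  list(): readonly AgentEvent[] {
    return this.events;
  }

  // Bulk deletion: role check, at least one filter key, tombstones are
  // never deletable, and the deletion is recorded as its own event.
  deleteWhere(caller: Caller, filter: DeleteFilter): number {
    if (!caller.roles.includes(DELETE_ROLE)) {
      throw new Error(`caller ${caller.name} lacks role ${DELETE_ROLE}`);
    }
    if (filter.runId === undefined && filter.kind === undefined) {
      throw new Error("refusing unfiltered bulk delete");
    }
    const matches = (e: AgentEvent): boolean =>
      (filter.runId === undefined || e.runId === filter.runId) &&
      (filter.kind === undefined || e.kind === filter.kind) &&
      e.kind !== "deletion";
    const removed = this.events.filter(matches).length;
    this.events = this.events.filter((e) => !matches(e));
    this.append(
      "deletion",
      filter.runId ?? "*",
      `${caller.name} removed ${removed} events matching ${JSON.stringify(filter)}`,
    );
    return removed;
  }
}

// Stand-alone demo with constructed events.
const demoStore = new GuardedEventStore();
demoStore.append("thought", "run-1", "plan the request");
demoStore.append("tool_call", "run-1", "http_request");
demoStore.append("thought", "run-2", "unrelated run");
try {
  demoStore.deleteWhere({ name: "agent", roles: ["agent"] }, { runId: "run-1" });
} catch (err) {
  console.log("denied:", (err as Error).message);
}
console.log("removed:", demoStore.deleteWhere({ name: "ops", roles: [DELETE_ROLE] }, { runId: "run-1" }));
console.log(demoStore.list());
```

A confirmation barrier (for example requiring a dry-run count to be echoed back before the real delete) can be layered on the same method; the point is that the check lives next to the primitive, not in whichever caller happens to wrap it.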

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The README explicitly promotes automatic capture of agent thoughts, tool calls, decisions, and outputs, which commonly contain secrets, prompts, personal data, and internal business context. Although the document later mentions PII filtering, it does not provide a prominent warning that sensitive data may still be logged, retained, exported, or sent to external backends, which can lead to unintentional data exposure in an observability product.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The quick-start examples encourage immediate logging and debug inspection with 'zero config' while also documenting file, SQLite, and Supabase storage backends and automatic fallback behavior. Without an explicit warning in these examples, users may unknowingly persist sensitive agent data locally or to external services, increasing the risk of secret leakage, privacy violations, and accidental retention of internal traces.

Missing User Warnings

Severity: Medium
Confidence: 76%
Finding
The library records arbitrary agent events and later supports querying and export, but this file provides no consent, disclosure, or policy guardrails around what is captured and retained. In an AI observability context, logged events may include prompts, reasoning, tool inputs, secrets, or personal data, so silent persistence materially increases privacy and data-handling risk even with a PII filter present.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
This module is designed to capture and forward agent reasoning/thought events, and the comments/options indicate that reasoning trace capture is enabled by default. In an observability/debugging skill, those traces can contain highly sensitive internal prompts, secrets, user data, or decision context; collecting them without explicit user-facing notice and consent creates a real privacy and data-exposure risk, especially because this skill's purpose is centralized telemetry.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The tool-call instrumentation forwards raw tool inputs and outputs to LobsterOps via logToolCall. Tool arguments and results commonly include credentials, file contents, API responses, customer data, or other secrets, so transmitting them to an observability backend without explicit disclosure or consent creates a significant confidentiality risk and widens the blast radius of any backend compromise or misconfiguration: every secret that passed through a tool call is then also wherever the logs are.
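The overview's advice to test PII filtering and the findings about raw tool inputs, outputs and reasoning traces all come down to scrubbing a record before it reaches any backend. The following is an added example, not LobsterOps code and not its PII filter: a hypothetical sanitizer run over a constructed tool-call record. The field names, the regexes, the redaction markers and the `keepReasoning` option are assumptions for illustration; a real deployment would tune the patterns to its own secret formats and verify them the way the test below does, with a known dummy secret.

```typescript
// Added example, not LobsterOps code: scrub a tool-call record before it is
// persisted. Sensitive keys are dropped by name, secret-looking values are
// replaced by pattern, and reasoning traces are omitted unless opted in.

type ToolCallRecord = {
  tool: string;
  input: Record<string, unknown>;
  output: string;
  reasoning?: string;
};

// Hypothetical list of field names that are always redacted, whatever they hold.
const SENSITIVE_KEYS = /^(api[_-]?key|token|password|secret|authorization|cookie)$/i;

// Hypothetical content patterns; tune to the token formats your tools actually see.
const SECRET_PATTERNS: Array<[RegExp, string]> = [
  [/\b(sk|ghp|xox[bap])[-_][A-Za-z0-9_-]{16,}\b/g, "[REDACTED_TOKEN]"],
  [/\bBearer\s+[A-Za-z0-9._-]+/g, "Bearer [REDACTED_TOKEN]"],
  [/\b[\w.+-]+@[\w-]+\.[\w.-]+\b/g, "[REDACTED_EMAIL]"],
  [/\b(?:\d{1,3}\.){3}\d{1,3}\b/g, "[REDACTED_IP]"],
];

function scrubString(s: string): string {
  return SECRET_PATTERNS.reduce((acc, [re, sub]) => acc.replace(re, sub), s);
}

// Recursively copies a value, redacting by key name first and by content second.
function scrubValue(key: string, v: unknown): unknown {
  if (SENSITIVE_KEYS.test(key)) return "[REDACTED]";
  if (typeof v === "string") return scrubString(v);
  if (Array.isArray(v)) return v.map((x) => scrubValue(key, x));
  if (typeof v === "object" && v !== null) {
    const out: Record<string, unknown> = {};
    for (const [k, x] of Object.entries(v as Record<string, unknown>)) {
      out[k] = scrubValue(k, x);
    }
    return out;
  }
  return v;
}

// Returns a new record; the original is never mutated, so the caller can
// still use the real values while only the scrubbed copy is stored.
function sanitizeToolCall(
  rec: ToolCallRecord,
  opts: { keepReasoning: boolean } = { keepReasoning: false },
): ToolCallRecord {
  const out: ToolCallRecord = {
    tool: rec.tool,
    input: scrubValue("input", rec.input) as Record<string, unknown>,
    output: scrubString(rec.output),
  };
  if (opts.keepReasoning && rec.reasoning !== undefined) {
    out.reasoning = scrubString(rec.reasoning);
  }
  return out;
}

// Constructed sample record with a dummy key, bearer token, e-mail and IP.
const SAMPLE: ToolCallRecord = {
  tool: "http_request",
  input: {
    url: "https://api.example.com/users?email=alice@example.com",
    headers: { Authorization: "Bearer abc.def.ghi", "X-Trace": "t1" },
    api_key: "sk-1234567890abcdefghij",
  },
  output: '{"user":"alice@example.com","ip":"203.0.113.7"}',
  reasoning: "Calling the API with key sk-1234567890abcdefghij for alice@example.com",
};

console.log(JSON.stringify(sanitizeToolCall(SAMPLE, { keepReasoning: true }), null, 2));
```

The useful check is the negative one: log a dummy secret you planted, then grep the stored file, SQLite database or Supabase table for it. If it is there, the filter is not in the path you think it is.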

VirusTotal

63/63 vendors reported this skill as clean (no detections).
