Lobster

Security checks across malware telemetry and agentic risk

Overview

This official Lobster plugin is a coherent workflow runner, but enabling it means local workflows can perform side-effecting actions and inherit environment variables.

Install this only if you want Lobster workflow automation. Enable it for trusted agents, use a non-empty tool allowlist, and run only workflows you trust because they may inherit environment variables and invoke allowed tools.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The embedded runtime is given a full copy of process.env, which can expose API keys, tokens, cloud credentials, and other secrets to any executed Lobster workflow. Because this tool runs local workflows/pipelines, the workflow logic can intentionally or accidentally read and exfiltrate sensitive environment variables.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The tool executes user-supplied pipelines or workflow files through an embedded runtime, but this file provides no explicit user-facing warning that the action may result in local code or workflow execution. In this context, understated execution semantics increase the chance that users invoke untrusted workflows that can access local resources and inherited environment data.

VirusTotal

62/62 vendors flagged this plugin as clean.

View on VirusTotal