Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Lobster Distill
v1.0.5Lobster Distill — Cross-platform encrypted skill transfer system. Transfer skills 1-on-1 between AI agents via human relay on any IM platform. | 龙虾蒸馏 — 跨平台加密...
⭐ 0· 128·0 current·0 all-time
by@qiaoy01
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description match the actual behavior: share.sh packs, encrypts (AES-256-CBC + PBKDF2), uploads to a public temp file host, and emit a human-forwardable Note; receive.sh downloads, decrypts, and installs. Required tools (curl, openssl, tar) are standard and appropriate for this purpose.
Instruction Scope
SKILL.md and the scripts only instruct packing, encrypting, uploading, and installing. They do not request unrelated environment variables or read other system state. However, the Note embeds the decryption password alongside the upload URL (i.e., the secret and the ciphertext are forwarded together), which reduces secrecy and could allow anyone who intercepts the Note to obtain and install the skill. The receive instructions assume the agent will execute commands from the Note — running arbitrary installer code from an untrusted source is inherently risky.
Install Mechanism
No install spec; the skill is instruction + two small scripts. The scripts do not download executable code to be run during install (they upload/download encrypted archives and extract them). Upload target is a public file host (litterbox.catbox.moe), which is a third-party service but a reasonable choice for temporary file upload in this context.
Credentials
No environment variables, credentials, or config paths are requested. The scripts use only local tools (openssl, curl, tar) and create/clean up their own temp files.
Persistence & Privilege
always:false and normal autonomous invocation. The skill's ability to autonomously fetch and install remote skill packages is coherent with its purpose, but that capability increases risk if a malicious or compromised Note is forwarded and the agent executes it without human review. Consider restricting automatic execution or requiring explicit user confirmation before running received install steps.
Assessment
This skill does what it says: it packages a skill, encrypts it, uploads the ciphertext to a third-party temp host, and prints a Note that includes the download URL and the password so a human can forward it. Before installing or forwarding Notes consider: (1) Anyone who intercepts the Note (URL + password together) can download and decrypt the package — if secrecy matters, don't include the password in the same channel. (2) Never auto-run install commands from an untrusted sender — inspect the package contents (e.g., open the tar.gz in a safe sandbox) before extracting into your agent's skills/ directory. (3) The upload host is a public third-party service; verify its retention/visibility policy. (4) If you want stronger protection, use an out-of-band channel for the password or change the workflow so the receiver validates the sender. If you are unsure about executing received packages, restrict this skill from autonomous execution or require explicit user approval each time.Like a lobster shell, security has layers — review code before you run it.
latestvk9705fbvq7w59sa1xzfasn2ed9833my8
License
MIT-0
Free to use, modify, and redistribute. No attribution required.