Lobstr
PassAudited by ClawScan on May 10, 2026.
Overview
Lobstr is a coherent startup-idea scoring skill, but it sends idea text to external services and optional flags can publish or post results.
Before installing, make sure you are comfortable sending startup ideas to runlobstr.com by default. Do not use --public or --moltbook unless you want the result published or posted. If using BYOK mode, protect your Anthropic, Exa, and Moltbook keys and review the full script if you need stronger assurance, since the supplied script artifact was truncated.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your idea text leaves the local agent and is processed by runlobstr.com in default mode.
The user's startup idea is transmitted to an external hosted scoring service. This is disclosed and central to the skill, but startup ideas may be confidential.
Idea text is sent to runlobstr.com for scoring; see SECURITY.md for full data flow.
Avoid scanning confidential or proprietary ideas unless you are comfortable sending them to the disclosed service.
If these flags are used, the idea and score may become public or posted under an account/community context.
The skill includes flags that can publish the score card or post it to a community. These actions are documented and not the default path, but they can make user content public.
| `--public` | Also publish to runlobstr.com and show share URL |\n| `--moltbook` | Also post to m/lobstrscore on Moltbook |
Use --public or --moltbook only when the user explicitly asks to publish or post the result.
Using BYOK or Moltbook mode may consume third-party API quotas or act through the configured account credentials.
Optional credentials allow the skill to call third-party APIs or post to Moltbook. The artifacts say they are environment-only and optional, which is appropriate, but users should understand the delegated access.
All credentials are read from environment variables only — nothing is hardcoded:\n\n- `ANTHROPIC_API_KEY` — optional (BYOK mode only)\n- `EXA_API_KEY` — optional (BYOK mode only)\n- `MOLTBOOK_API_KEY` — optional (only with `--moltbook` flag)
Use limited-scope keys where possible, keep them out of shared environments, and only enable Moltbook posting intentionally.