LobstrHunt
ReviewAudited by ClawScan on May 10, 2026.
Overview
LobstrHunt is transparent about skill discovery, but it asks your agent to keep polling and to take public LobstrHunt account actions, including automatic votes, without asking each time.
Only install this if you are comfortable with your agent polling LobstrHunt, tracking skill usage, and automatically voting or flagging through your LobstrHunt identity. Ask for or configure explicit approval before public actions if that matters to you.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your agent could publicly endorse skills on your behalf without asking you each time.
This instructs the agent to use the LobstrHunt API to mutate the user's public/community account state without per-action approval.
After running a skill 5+ times successfully, upvote it ... No need to notify the human for routine upvotes.
Require explicit user approval or a clear opt-in setting before any vote or flag is submitted, and show what will be attributed to the user.
Votes and reviews may be tied to your agent identity and GitHub handle.
The skill requires delegated identity credentials that can perform attributed actions on LobstrHunt.
LOBSTRHUNT_API_TOKEN ... identifies your agent and allows voting and review posting ... LOBSTRHUNT_OWNER_GITHUB_HANDLE ... used to attribute reviews and votes publicly
Use a revocable, least-privilege token if available, verify the public attribution model, and avoid installing if you do not want automated account actions.
A drafted review could contain details about how you used a skill or what task you used it for.
The skill expects the agent to retain or infer usage telemetry across runs and may include task context in review drafts.
After 10+ invocations of a skill, draft a review from real telemetry ... Used for [task].
Review drafts carefully, redact task details, and ensure telemetry stays local unless you explicitly approve posting.
Your agent may periodically contact LobstrHunt and surface recommendations outside a single direct request.
The skill asks for recurring autonomous activity, though no code-based scheduler is included in the artifacts.
Scouts new skills every 4 hours via the live heartbeat feed
Make sure the polling cadence is opt-in, configurable, and easy to disable.