
Security audit

Lobstr

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed startup-idea scoring tool that sends idea text to external services and has optional public sharing features, but the package does not show hidden or automatic publication behavior.

Install only if you are comfortable sending startup ideas to runlobstr.com by default. Avoid using it on confidential or trade-secret ideas unless you accept that data flow. Use --public or --moltbook only when you explicitly want the scorecard shared outside the local session, and keep optional API keys limited to this use case.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (12)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill invokes code with environment-variable access and outbound network access, but the manifest does not declare corresponding permissions. This creates a transparency and consent gap: hosts or users may not realize the skill can read configured secrets or send user-provided idea text to external services, increasing the risk of unintended data exposure.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The skill description emphasizes simple hosted scoring via runlobstr.com, but the documented behavior includes materially different actions: using third-party BYOK providers, publishing results publicly, and posting to Moltbook. That mismatch can mislead users and orchestration systems about where sensitive startup ideas are sent or published, which is especially risky because idea disclosures may be confidential or commercially valuable.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The skill can post startup ideas and scan results to Moltbook, but that capability is not disclosed in the manifest description that frames the tool as an idea evaluator. In an agent setting, hidden outbound social-posting behavior materially changes the data-sharing risk because proprietary business ideas may be transmitted to a third-party platform unexpectedly.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The social-posting feature is not necessary to the core purpose of evaluating startup ideas and expands the attack/privacy surface by enabling external dissemination of user content. In this context, the mismatch between stated purpose and implemented capability makes accidental disclosure more dangerous because users would not reasonably expect a scoring tool to include social publishing logic.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The README recommends triggering this skill on broad phrases like "startup idea," "should I build," and related brainstorming requests, which can cause the agent to invoke it in many ordinary conversations without a clear, explicit user request to send idea content to an external service. In this skill's context, that increases the chance of unintended disclosure of proprietary or sensitive business ideas to runlobstr.com.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
These usage examples encourage publishing startup ideas to runlobstr.com and Moltbook, but they do not prominently warn that the user's idea content may become externally visible or persist on third-party platforms. Startup ideas can contain confidential product plans, market strategy, or trade secrets, so accidental publication can create immediate confidentiality and competitive risks.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The README states that no API keys are needed because the skill automatically calls the hosted API at runlobstr.com, but it does not present a clear privacy warning that user-provided idea content leaves the local environment. In this context, users may reasonably expect local analysis, so silent off-system transmission of potentially confidential startup concepts is a meaningful data-disclosure risk.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The manifest trigger phrases are broad enough to match ordinary discussion about ideas, which can cause the skill to activate when the user did not intend to send their concept to an external scoring service. In this context, accidental triggering is dangerous because the payload is user-generated startup ideas that may contain confidential business plans or proprietary concepts.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The proactive trigger conditions are ambiguous and cover common conversational patterns like asking whether an idea is good. This increases the chance of unsolicited prompting or accidental execution of a networked analysis flow on sensitive idea content, especially if the user is only brainstorming and not consenting to external transmission.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The default hosted-mode path sends the user's startup idea to runlobstr.com without an explicit warning at the transmission point. Startup ideas can be confidential or commercially sensitive, so silent third-party transmission is risky in an agent workflow where users may assume local processing.

Missing User Warnings

High
Confidence
99% confidence
Finding
The --public path sends the idea and score data to runlobstr.com/api/publish and returns a public URL, but the code does not present a strong warning that the startup idea may become publicly accessible. For startup evaluation, this is especially dangerous because unpublished ideas may be trade secrets or strategically sensitive and public disclosure can be irreversible.

Missing User Warnings

High
Confidence
99% confidence
Finding
Posting to Moltbook can share the idea text, full score card, and optional public scan URL to an external social platform, yet the code lacks a strong warning describing that disclosure. In this skill context, that is highly risky because users are likely evaluating pre-launch concepts and may not realize their content can be broadcast beyond the scoring service.

VirusTotal

65/65 vendors flagged this skill as clean.
