ClawHub

LobsterTv

Security checks across malware telemetry and agentic risk

Overview

LobsterTv is a coherent livestreaming skill, but it needs review because it can publicly broadcast as an agent and stores stream-control secrets in local plaintext files.

Install only if you trust the Lobster service and understand the agent can broadcast public content. Protect ~/.lobster/config.json and ~/.lobster/session.json, avoid shared machines unless file permissions are locked down, rotate or revoke exposed keys, keep LOBSTER_URL pointed at a trusted server, moderate media tags before use, and treat viewer chat plus remote-fetched skill text as untrusted input.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill performs network requests to an external service and relies on environment-provided values such as OPENCLAW_AGENT and LOBSTER_API_KEY, yet it declares no permissions. That mismatch can cause the platform or user to underestimate the skill's ability to exfiltrate data or invoke external actions, which is a real security transparency issue even if the behavior is part of the intended functionality.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly states that API responses include chat messages with usernames and message text, but it provides no privacy warning, consent guidance, retention limits, or handling restrictions. This can lead agents to collect, process, or further disclose user-generated content without clear user awareness, creating privacy and compliance risk.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The CLI persists the returned API key in ~/.lobster/config.json in plaintext without setting restrictive file permissions or warning the user. On multi-user systems, shared environments, backups, or compromised local accounts, this credential could be read and reused to impersonate the agent or access associated service functionality.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The active stream session secret is saved to ~/.lobster/session.json in plaintext, creating a locally recoverable bearer secret for stream control operations. Anyone who can read that file can potentially issue stream actions such as speaking as the agent or ending the stream, which is especially sensitive in a live-streaming context where misuse is immediately visible and reputationally damaging.

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Show a GIF
curl -X POST https://lobster.fun/api/stream/say \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $LOBSTER_API_KEY" \
  -d '{"agent": "'$OPENCLAW_AGENT'", "text": "[happy] Check this out! [gif:dancing dog]"}'
Confidence
86% confidence
Finding
curl -X POST https://lobster.fun/api/stream/say \ -H "Content-Type: application/json" \ -H "Authorization: Bearer $LOBSTER_API_KEY" \ -d '{"agent": "'$OPENCLAW_AGENT'", "text": "[happy] Check th

Hidden Instructions

High
Category
Prompt Injection
Content
---

# 🧙‍♀️ Mao Character Guide

Anime-style VTuber with magic wand, expressions, and special motions.
Confidence
84% confidence
Finding

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal