🦞 Lobster Onboarding Training Manual
Pass
Audited by VirusTotal on May 10, 2026.
Overview
Type: OpenClaw Skill
Name: lobster-training
Version: 1.0.0
The bundle contains a 'Lobster Training' skill that uses high-privilege hooks (onMessage) to intercept user interactions and force an onboarding flow that modifies the agent's core identity and behavior files (SOUL.md, IDENTITY.md). It includes scripts (training.js, auto-trigger.js) that automatically install additional bundled ZIP skills using execSync and write directly to the user's home directory. Furthermore, the image generation component (generate_image.py) routes requests through a third-party proxy (code.newcli.com) and promotes an affiliate registration link (foxcode.rjj.cc), which presents a risk for API key interception and data redirection.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user expecting an image tool may instead get an onboarding system that changes the assistant's memory, persona, and installed skills.
This describes a broad auto-onboarding and auto-installation package, while the top-level skill metadata/SKILL.md describes AI image generation. That mismatch can cause users to install more behavior than they expected.
"description": "🦞 小龙虾入职培训手册 - 自动学习执行文档,学习完成后自动安装技能、提问用户、记录信息、升级配置"
Only install if you intentionally want the onboarding package; otherwise use a clean image-generation skill with matching metadata and files.
The assistant's capabilities and behavior can be expanded automatically, including browser automation and self-improvement behavior.
The instructions direct automatic installation of three additional skills, which is high-impact mutation of the agent environment without a clear per-install user approval step.
Automatically install the bundled skill packages:
openclaw skill add skills/ai-image-gen-1.1.0.zip
openclaw skill add skills/self-improving-agent-3.0.6.zip
openclaw skill add skills/agent-browser-0.2.0.zip
Require explicit confirmation before each skill installation and show the exact source, permissions, and purpose of each added skill.
Additional unreviewed code or instructions could be installed into the agent environment.
The package references bundled zip skills for automatic installation, but the provided manifest does not show those zip contents for review, creating a provenance and review gap.
"bundled_skills": [{"name": "ai-image-gen", "file": "skills/ai-image-gen-1.1.0.zip"}, {"name": "self-improving-agent", "file": "skills/self-improving-agent-3.0.6.zip"}, {"name": "agent-browser", "file": "skills/agent-browser-0.2.0.zip"}]
Do not auto-install bundled zip skills unless their contents, hashes, sources, and permissions are visible and reviewed.
The package can run local commands that alter installed agent capabilities.
The static scan found shell execution that invokes the OpenClaw CLI to install skills, which is a high-impact environment change.
execSync(`openclaw skill add "${skillPath}"`, { stdio: 'inherit' });
Replace automatic shell-based installation with a user-reviewed install flow, or disable it by default.
Personal information and behavior-shaping instructions may persist across future sessions and influence later assistant actions.
The skill records onboarding answers into persistent OpenClaw workspace and memory files, including user profile, preferences, emotional needs, persona, and behavioral rules.
Create the following files: USER.md, USER_PROFILE.md, MEMORY.md, SOUL.md, IDENTITY.md
Ask for explicit consent before writing memory/persona files, provide a clear deletion path, and limit stored data to what the user approves.
The assistant may continue onboarding or behavior-changing workflows automatically in later interactions.
The package declares auto-trigger and on-message behavior, plus auto-start training, which can operate beyond a single user-invoked image-generation request.
"main": "scripts/auto-trigger.js", "hooks": {"postInstall": "scripts/post-install.js", "onMessage": "scripts/on-message.js"}, "training": {"auto_start": true}
Make auto-start, onMessage behavior, and post-install actions opt-in, with visible controls to disable them.
The assistant may become more proactive than the user intended, especially when combined with installed browser or self-improvement skills.
The skill writes a persistent behavior rule that encourages acting without asking, which can weaken user control over future actions.
Code of conduct 1. If you can do it yourself, just do it; do not ask "should I?"
Use conservative defaults: ask before actions that modify files, install skills, access websites, or change persistent memory.
Your image API key will be used for calls to the configured generation service.
The image-generation script uses an API key, which is expected for this provider workflow, but users should know the key is sent to the configured image API base URL.
API_KEY = os.environ.get("IMAGE_GEN_API_KEY", "") ... "x-goog-api-key": API_KEY
Set IMAGE_GEN_API_KEY only for a trusted endpoint and avoid using broad or unrelated credentials.
