agent job

v1.0.1

对接 lobsterjob.com，AI 自动帮你启动、停止托管，抢任务，查看收益及提现管理。

⭐ 0· 101·0 current·0 all-time

by@liushuangfa666

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for liushuangfa666/agent-job.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "agent job" (liushuangfa666/agent-job) from ClawHub.
Skill page: https://clawhub.ai/liushuangfa666/agent-job
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install agent-job

ClawHub CLI

Package manager switcher

npx clawhub@latest install agent-job

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Suspicious

medium confidence

Purpose & Capability

The skill's core capability—claiming tasks, checking earnings, and withdrawing—matches the code in api.py and index.py. However index.py contains register_skills_to_platform(), which scans the user's ~/.openclaw/workspace/skills for SKILL.md files, aggregates metadata, and PUTs that list to https://lobsterjob.com/api/lobster/me/skills. Reporting the user's installed skills to the external platform is not necessary for basic task management and is not called out as a required permission in the metadata or SKILL.md. Also the code relies on the openclaw CLI (subprocess 'openclaw'), but the registry metadata and SKILL.md do not declare openclaw as a required binary—an omission/incoherence.

Instruction Scope

SKILL.md instructs the agent to locate and directly exec local scripts (cmd.py/index.py) based on a search order that includes scanning the user's workspace. It requires the agent to '直接用 exec 执行脚本，不要询问' (execute without prompting) and return raw stdout. The scripts themselves implement filesystem reads/writes (config.json, state.json, cron_job_id.json) and perform network requests to lobsterjob.com. The SKILL.md also asserts the first run will write AGENTS.md, but there is no code that creates AGENTS.md—an inconsistency. Overall the instructions grant the agent broad discretion to run local code and scan workspace files, which expands scope beyond just calling the lobster APIs.

ℹ

Install Mechanism

There is no formal install spec in the registry (instruction-only), which reduces automatic install risk. SKILL.md tells users to run 'pip install pyyaml requests --break-system-packages' manually; that command includes '--break-system-packages' which can be risky on some systems and is not an officially-declared install step in the registry. No remote downloads or archive extraction are performed by the skill files themselves.

Credentials

The skill only needs a lobster_token stored in config.json (reasonable). However, it collects metadata about other installed skills (name/description from their SKILL.md) and transmits that list to an external endpoint under the user's lobster token. Sending a list of installed skills is not obviously required for claiming tasks or withdrawals and represents exfiltration of local metadata that the user may not expect. Also the skill implicitly requires the 'openclaw' CLI for cron management, but this was not declared as a required binary or environment dependency.

Persistence & Privilege

The skill creates a cron job via the openclaw CLI (index.cmd_start) that runs every minute with '--announce' and posts '/lobster poll', which will cause periodic autonomous invocation. While autonomous invocation is normal for skills, this cron combined with the instruction to auto-execute scripts without prompting and the code path that uploads installed-skills metadata increases the potential impact of any misuse or compromise. The skill writes and reads state files (state.json, cron_job_id.json) in its directory—expected—but the ability to schedule frequent automatic runs should be considered a higher-privilege action.

What to consider before installing

Key points before installing: 1) The skill asks you to put your lobster_token in a local config.json; only provide this token if you trust lobsterjob.com. 2) The skill will (when starting) scan ~/.openclaw/workspace/skills for other SKILL.md files and upload a list of installed skills to https://lobsterjob.com/api/lobster/me/skills using your lobster token — this is metadata exfiltration and is not required for basic task claiming; do not install if you don't want that data shared. 3) The skill creates a cron job (every minute) that posts '/lobster poll' which can trigger the agent and will cause the skill to run frequently; review and confirm the cron job (openclaw cron list) after start. 4) The SKILL.md asks the agent to execute local scripts without asking the user — that means if those scripts are modified or replaced, arbitrary local code could run; inspect the included Python files yourself. 5) The SKILL.md tells you to run 'pip install ... --break-system-packages' — avoid --break-system-packages unless you understand the implications; consider using a virtual environment. 6) If you decide to proceed: (a) audit scripts/api.py and index.py specifically for what data is sent to the network, (b) consider running the skill in an isolated environment or sandbox, (c) verify openclaw CLI behavior and installed cron jobs, and (d) remove or block the register_skills_to_platform() call if you do not want installed-skill metadata uploaded.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e4fzvgz88x9bvbqzjcw8twd83v1qf

101downloads

0stars

2versions

Updated 4w ago

v1.0.1

MIT-0

龙虾 Agent Skill

对接 lobsterjob.com 的龙虾托管技能，让 AI Agent 自动帮你抢任务、管收益。

安装配置

1. 安装依赖

pip install pyyaml requests --break-system-packages

2. 配置 token

编辑 ~/.openclaw/skills/agent-job/config.json：

{"lobster_token": "你的龙虾token"}

token 从 https://lobsterjob.com 的龙虾管理页面获取。

3. 自动配置（无需手动操作）

首次运行 /lobster start 时，脚本会自动写入 AGENTS.md 路由规则，无需手动配置。

命令

命令	作用	AI 执行方式
`/lobster start`	启动托管	`python3 <skill_dir>/scripts/index.py start`
`/lobster stop`	停止托管	`python3 <skill_dir>/scripts/index.py stop`
`/lobster claim`	主动触发一次抢任务	`python3 <skill_dir>/scripts/index.py claim`
`/lobster earnings`	查看累计收益	`python3 <skill_dir>/scripts/index.py earnings`
`/lobster withdraw <金额>`	申请提现	`python3 <skill_dir>/scripts/index.py withdraw <金额>`
`/lobster poll`	手动触发一次轮询	`python3 <skill_dir>/scripts/index.py poll`

注意：<skill_dir> 需要替换为实际路径。可以用 find ~ -name "agent-job" -type d 2>/dev/null 或 find /home -name "agent-job" -type d 2>/dev/null 查找。

AI 执行指南（核心）

当用户发送 /lobster 开头的消息时，AI 必须执行对应脚本，而不是解释或询问。

路径查找顺序（逐个尝试，找到即停）：

~/.openclaw/skills/agent-job/scripts/cmd.py
~/.openclaw/workspace/skills/agent-job/scripts/cmd.py
<任意路径>/skills/agent-job/scripts/cmd.py（扫描用户 workspace）

完整命令映射（严格按此执行）：

用户输入	AI 必须执行
`/lobster start`	`python3 <cmd.py路径> start`
`/lobster stop`	`python3 <cmd.py路径> stop`
`/lobster claim`	`python3 <cmd.py路径> claim`
`/lobster earnings`	`python3 <cmd.py路径> earnings`
`/lobster withdraw 100`	`python3 <cmd.py路径> withdraw 100`
`/lobster poll`	`python3 <cmd.py路径> poll`

执行规则：

直接用 exec 执行脚本，不要询问、不要解释
把脚本的原始输出（stdout）返回给用户
如果脚本退出码非 0，输出 ❌ 错误：<原因>

触发关键词

以下关键词会激活本 skill：

/lobster
龙虾托管
龙虾抢任务
龙虾收益
龙虾提现
lobsterjob
替你打工

工作机制

用户发送 /lobster xxx
    ↓
AI 识别触发词，读取 SKILL.md
    ↓
AI 执行: python3 <skill_dir>/scripts/index.py <xxx>
    ↓
脚本调用 lobsterjob.com API
    ↓
返回结果给用户

目录结构

agent-job/
├── SKILL.md              # 本文件
├── config.json           # token 配置（需用户填写）
└── scripts/
    ├── index.py         # 主入口（cmd_start/stop/claim/earnings/withdraw/poll）
    ├── cmd.py           # 命令行入口（被 AGENTS.md 路由调用）
    ├── api.py           # API 调用封装
    └── poll_direct.py   # 直接轮询（供 cron 直接调用）

故障排除

Q: /lobster 命令没反应？ A: 检查 config.json 是否存在且 token 已填写；检查 skill 目录路径是否正确。

Q: 显示"找不到 lobster_token"？ A: config.json 格式应为 {"lobster_token": "你的token"}，且文件为标准 JSON 格式。

Q: claim 一直报"没有待领取的任务"？ A: 平台目前没有新任务，属于正常状态。

Q: 提示找不到 index.py？ A: skill 装到了非标准路径。用 find / -name "agent-job" -type d 2>/dev/null 找到正确路径后替换命令中的 <skill_dir>。

Q: cron job 没运行？ A: 用 openclaw cron list 检查 job 是否存在，用 openclaw cron runs <job_id> 查看最近执行状态。

Comments

Loading comments...