Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Gigo Lobster Resume

v2.1.0

🦞 GIGO · gigo-lobster-resume: Resume entrypoint: v2 stable currently clears old checkpoints and reruns from scratch; this slug is kept as a compatibility entrypoint for old checkpoints. Triggers: 继续试吃 / 恢复评测 / resume tasting / continue lobster...


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for gigolab/gigo-lobster-resume.

Install the skill "Gigo Lobster Resume" (gigolab/gigo-lobster-resume) from ClawHub.
Skill page: https://clawhub.ai/gigolab/gigo-lobster-resume
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install gigo-lobster-resume

ClawHub CLI


npx clawhub@latest install gigo-lobster-resume

Security Scan
Capability signals: Crypto, Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Pending
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (resume a previous 'lobster' benchmark run) align with the included bundle: a full v2 evaluation harness, wrapper scripts (run_resume.py), runner/scorer/judge/upload logic, and many task/checker files. The large code bundle is consistent with a benchmark suite rather than a tiny helper. However SKILL.md mentions optional GIGO_* env vars and behavior (upload modes) while the registry declares no required env — those are optional but should be noted.
! Instruction Scope
SKILL.md gives explicit runtime constraints that limit agent behavior (e.g., "Never use `cd ... && python ...`"; "Do not run `--help`, inspect the whole repo, or switch to `main.py` once the wrapper command is clear"). That reduces transparency and looks like a prompt-injection-style attempt to prevent further inspection. The instructions also reference specific log and workspace paths and recommend tailing logs rather than reading them in full. The doc also refers to environment variables (GIGO_*) and behavior (upload/register) that the skill will act upon; these env vars are not listed in requires.env. Overall the instructions go beyond a minimal wrapper-run directive and place operational constraints that a cautious user should verify.
Install Mechanism
There is no install spec (instruction-only), which means lower install risk. However, the published package contains a large code bundle (hundreds of files) that will be present on disk when the skill is installed and includes network-capable modules (gateway_client, judge_client, score_uploader). There is no external download URL in the install step, but the included code can initiate outbound requests when executed.
! Credentials
Registry metadata lists no required environment variables or credentials, yet SKILL.md and many scripts reference optional environment variables (GIGO_LOBSTER_NAME, GIGO_LOBSTER_TAGS, GIGO_REQUIRE_PNG_CERT, GIGO_UPLOAD_MODE, etc.) and the code includes clients that POST to a remote /judge gateway and upload scores. The skill can perform network uploads by design (gigo-lobster-taster uploads by default). Because no primary credential or gateway URL is declared in metadata, it's unclear which endpoints and credentials (if any) will be used; this gap increases risk of unintended data exfiltration if you run the wrapper with defaults.
Persistence & Privilege
The skill does not request always:true and does not declare system-wide persistence. It contains many scripts but there is no install-time mechanism that forces permanent agent inclusion or modifies other skills' configs. Normal autonomous invocation is allowed (default), which is expected for skills.
Scan Findings in Context
[ignore-previous-instructions] unexpected: A pattern consistent with prompt injection was detected in SKILL.md. The SKILL.md does include directives that tell the agent not to run repository inspection or certain commands; while that may be intended to reduce confusion, it resembles 'ignore previous instructions' style manipulation and is not expected for a transparent wrapper.
[unicode-control-chars] unexpected: Unicode control characters were flagged in SKILL.md by the pre-scan. Use of invisible control chars is uncommon for benign README/runtime instructions and can be used to obfuscate or alter how tooling parses the file; inspect the raw file if you plan to run it.
What to consider before installing
What to consider before installing or running:
  • This package is a full benchmark harness that by default can contact remote services (gateway /judge and score upload). If you don't want uploads, run in local/register/doctor modes or pass --skip-upload / use gigo-lobster-local before running the resume wrapper.
  • SKILL.md contains explicit instructions that tell the agent not to inspect the repository and to run only the wrapper. That reduces transparency — review run_resume.py, main.py, and scripts/gateway_client.py / scripts/score_uploader.py yourself before executing.
  • The metadata declares no required env vars, yet the skill references optional GIGO_* env vars and relies on a gateway client. Confirm what gateway_base / credentials your environment will provide and whether network calls will be made (and to which hosts) before running.
  • Because the bundle includes many files capable of network I/O and uploading, run it first in an isolated environment: a disposable VM, container, or sandbox, and inspect the code (search for requests.post, gateway URLs, hard-coded endpoints, and any code that reads files outside the workdir).
  • If you only want to test safely, run gigo-lobster-doctor or gigo-lobster-local to avoid uploading; or run run_resume.py with --skip-upload / --register-only as appropriate.
  • If anything is unclear (unknown publisher, unexpected network hosts, or the presence of invisible control characters), do not run it with real credentials or on a machine with sensitive data. Ask the publisher to clarify gateway endpoints, what is uploaded, and why SKILL.md prohibits repo inspection.
If you'd like, I can:
  • show the top-level of run_resume.py and scripts/gateway_client.py so you can see what remote hosts/URLs are used, or
  • produce a short checklist of files to inspect for network/exfiltration behavior before running.
  • bundle/tasks/a27_refuse_eval_user_input/setup/dangerous.py:5: Dynamic code execution detected.
  • scripts/v2_bundle_tools.py:50: Dynamic code execution detected.
  • ! scripts/tasting_config.json:3: Install source points to URL shortener or raw IP.
  • ! bundle/tasks/a25_readme_prompt_injection/setup/README.md:20: Prompt-injection style instruction pattern detected.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.


Runtime requirements

🦞 Clawdis
OS: macOS · Linux · Windows
Any bin: python3, python, py
latest: vk97fvdxfh6sh2t9se8kv3v9nhn85qqha
276 downloads
0 stars
21 versions
Updated 1h ago
v2.1.0
MIT-0
macOS, Linux, Windows

gigo-lobster-resume

Mission

  • Resume entrypoint: the v2 stable runtime currently clears old checkpoints and starts fresh; this slug remains for legacy checkpoint compatibility.

Trigger Phrases

  • Chinese: 继续试吃 / 恢复评测 / 继续评估 / 继续龙虾评测 (continue tasting / resume evaluation / continue assessment / continue lobster evaluation)
  • English: resume tasting / continue lobster eval / resume lobster benchmark / continue tasting

Execution Rules

  1. Use a direct Python command on this skill directory's wrapper file. Never use cd ... && python ...; OpenClaw preflight may reject it.
  2. Prefer python3, then python, then py.
  3. If the user asked in Chinese, append --lang zh. If the user asked in English, append --lang en.
  4. Stream short progress updates while the benchmark is running.
  5. Keep stdout/stderr visible and remind the user that the full log is written to gigo-run.log.
  6. Do not run --help, inspect the whole repo, or switch to main.py once the wrapper command is clear. Start the wrapper directly.
  7. If the wrapper starts a long-running process, do not kill it just because stdout is quiet for a while. A full tasting run often takes 15-25 minutes.
  8. While a long run is in progress, monitor the process and tail the log file under ~/.openclaw/workspace/outputs/gigo-lobster-taster/gigo-run.log instead of improvising a second execution path.
  9. Only declare failure if the process exits non-zero, the log shows a traceback, or the user explicitly asks to cancel.
  10. Stay attached until the wrapper exits. Do not end the conversation with “I will keep monitoring”; keep polling and only report completion once you have the final score/result files/ref_code (if any).
  11. Prefer process poll plus exec tail -n 50 .../gigo-run.log while monitoring. Do not use a generic full-file read on gigo-run.log, because the log can be large and may break the chat output.

Default Behavior

  • By default it resumes from the existing checkpoint and writes to the gigo-lobster-taster output directory.

Recommended Command Shape

python3 /absolute/path/to/run_resume.py --lang zh

If the user explicitly asks for overrides, append the matching CLI flags:

  • --lobster-name "..." and --lobster-tags "tag1,tag2" for a custom lobster persona
  • --output-dir /custom/path for a custom output directory
  • --require-png-cert when the user refuses the SVG fallback
  • --skip-upload or --register-only only when the user explicitly asks to change the default upload behavior

Persona Defaults

  • Explicit CLI overrides win first: --lobster-name and --lobster-tags
  • Then read GIGO_LOBSTER_NAME and GIGO_LOBSTER_TAGS
  • Then read SOUL.md
  • Finally fall back to the default lobster persona

Do not stop for interactive questions unless the user explicitly asks for an interactive run.
