Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Lobster MUD

v1.0.0

Play and manage a Lobster Tamagotchi farm game autonomously via browser. Each installed agent gets a unique KEY binding it to its own lobster. The agent acts...

0 · 167 · 0 current · 0 all-time
by Jared (@jaredwei01)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's code and SKILL.md align with a browser-driven Lobster Tamagotchi agent that registers a KEY and interacts with a single remote game server. However, the registry metadata claims features (e.g., '共情系统:根据用户工作数据生成个性化对话', roughly 'empathy system: generates personalized dialogue from the user's work data') that are not supported or explained in the runtime instructions, and the top-level 'Requirements' summary in the package listing (no required binaries/env) conflicts with the metadata, which lists python, network and browser_use. These mismatches are unexplained.
Instruction Scope
Runtime instructions confine actions to the remote game server (GET/POST to http://82.156.182.240 and in-page __LOBSTER_API calls) and to browser DOM fallbacks. The agent is not instructed to read local files or environment variables. Two inconsistencies: SKILL.md explicitly forbids creating/pushing 'diary' entries (server-side cron does them), but the API docs and JS bridge include writeDiary/POST message types allowing diary writes — a behavior contradiction that could lead to accidental pushes. Also registration and messaging send the agent's KEY and chat text over plain HTTP (no TLS).
Install Mechanism
No install spec — instruction-only with two small helper Python scripts. Nothing is downloaded from third-party URLs and no archives are extracted. This is the lower-risk installation model, though the scripts will make outbound network requests at runtime.
Credentials
The skill does not request secrets or environment variables. It does, however, rely on network access and Python/browser automation (per metadata and scripts). The KEY returned by registration binds the agent to the remote service and is printed and POSTed to the server; although not a typical secret, it uniquely identifies the agent and is transmitted in plaintext. The claimed capability to use 'user work data' is not supported by any shown code or instructions — raising questions about what data (if any) would be used for personalization.
Persistence & Privilege
The skill is not forced-always, and model invocation is allowed (normal/default). It does not request system-wide configuration changes or access to other skills' credentials. Its persistence requirements appear minimal (periodic network checks) and are consistent with the described autonomous gameplay.
What to consider before installing
Key points to consider before installing:
- Server identity and transport security: The skill communicates with a numeric IP (http://82.156.182.240) over plain HTTP. That means the KEY and any chat messages are sent unencrypted and could be observed or modified in transit. Prefer skills that use HTTPS and a verifiable domain.
- Unknown source / provenance: No homepage or known author link is provided. If you need stronger assurance, ask the publisher for a website, privacy policy, and contact info.
- Data exposure risk: The registration script prints and POSTs the agent KEY (unique identifier). That KEY is not a secret like an API key, but it binds your agent to the remote service; treat it as identifying information. Confirm how the service stores/uses that KEY and whether messages are logged or shared.
- Contradictory behavior around diaries: SKILL.md says diaries are server-generated and agents must NOT push diary entries, but the API docs include writeDiary and 'diary' message types. Request clarification: is writeDiary supported or forbidden by the server? Accidental diary pushes could violate the stated limits.
- Metadata mismatch: The registry metadata mentions using 'user work data' for empathetic dialogue, but no code or instructions collect such data. Ask what data sources the skill uses for personalization and whether any of your local or third-party data will be accessed.
- Mitigations: If you still want to try it, run the skill in a sandboxed environment or on a guest account, confirm network isolation if concerned, and observe what outbound requests are made. Ask the author for HTTPS endpoints, a privacy policy, and clarification on the diary API and the 'user work data' claim. If those clarifications are not provided, treat the integration as higher risk.
skill-metadata.json:37: Install source points to URL shortener or raw IP.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.

Like a lobster shell, security has layers — review code before you run it.

latest: vk97db37p4p6ztrqtmjrjw8qwz9836t2t
