Lobster Attachment Inject
v1.0.1动态附件注入 — 在不修改system prompt的情况下注入动态内容。参考Claude Code的Attachment消息机制。
⭐ 0· 64·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description, examples, and scripts all describe building lightweight registries and injecting dynamic content via attachment-like messages. The declared need to read agents/*.md and skills/*/SKILL.md and to write registry files is coherent with the stated goal.
Instruction Scope
SKILL.md explicitly instructs the agent to read skill and agent markdown files, generate registry.md files, and replace placeholders in AGENTS.md at session start. These actions stay within the domain of managing agent/skill metadata and do not call external endpoints or request unrelated system data, but they do allow reading many repository files (skills/*, agents/*).
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest install risk. The provided shell snippets are advisory and would run only if the agent chose to execute them.
Credentials
No environment variables or credentials are requested. However the frontmatter metadata indicates the skill requires read/write capability; that capability can be broad (allows reading arbitrary files the agent can access). No explicit env secrets appear necessary for the described functionality.
Persistence & Privilege
always:false (good). The instructions propose writing registry files and replacing placeholders in AGENTS.md each session — which creates persistent artifacts and can alter documents used to construct prompts. This is consistent with the skill's purpose but is also a persistence vector to be aware of.
Assessment
This skill appears to do what it says: build small registries and inject dynamic content by reading/writing local agent/skill markdown files. Before installing, consider: 1) the skill requests read/write capability — confirm you trust it to read files under the workspace (it could read any file the agent has access to); 2) it writes registry and AGENTS.md content, which is persistent and may affect future prompts — review and restrict target paths or require manual approval of injected content; 3) the provided shell snippets are simple directory-readers but avoid running them on sensitive directories; and 4) because there is no install or external network usage, the main risk is local file access — limit its scope (e.g., restrict to skills/ and agents/ directories) or review changes after first run. If you need higher assurance, ask the author for a more explicit file-scope policy or a code implementation you can audit.Like a lobster shell, security has layers — review code before you run it.
latestvk97476skqbb4ycna7w2pphs9n18463jx
License
MIT-0
Free to use, modify, and redistribute. No attribution required.