Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Lobster Coordinator

v1.0.1

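Three-layer multi-agent coordinator (modeled on the Claude Code architecture) that supports AgentTool single-task delegation, Swarm team collaboration, and Coordinator-mode global scheduling. Activates automatically when a task is complex enough to need multi-agent collaboration.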

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)

! Purpose & Capability
The skill claims to be a three‑layer multi‑agent coordinator and its instructions use platform capabilities (sessions_spawn, sessions_send, subagents), which is coherent. However, it references an explicit local scratchpad path (/Users/wil/.openclaw/...) and file‑system persistence without declaring any required config paths or permissions in the metadata. This mismatch suggests the instructions assume access to a specific user's filesystem layout that was not scoped in the registry metadata.
! Instruction Scope
SKILL.md instructs the agent to spawn subagents, persist shared data to an absolute user path, poll workers every 30s, reuse parent session context, and explicitly recommends that child agents not inherit alwaysDeny rules. Those are broad actions: writing/reading arbitrary filesystem locations and instructing to bypass deny rules are beyond a simple coordinator description and could lead to data exposure or privilege changes. The document also hardcodes a username-based path ('wil'), which is likely incorrect for other users and could cause unexpected filesystem access.
Install Mechanism
This is an instruction‑only skill with no install spec and no code files, so nothing will be downloaded or written by an installer. That lowers risk from third‑party packages or arbitrary downloads.
! Credentials
The skill declares no environment variables or credentials (which is appropriate), but the instructions propose reusing parent session context and explicitly not inheriting alwaysDeny rules for subagents. Asking runtime actors to ignore deny controls or to reuse parent session data increases the chance of privilege escalation or cross‑task data leakage. The lack of declared config paths contrasts with the explicit filesystem scratchpad usage.
Persistence & Privilege
The skill is not always‑enabled and allows normal autonomous invocation (defaults). That is expected. It does, however, recommend creating background subagents, persistent scratchpad files, and periodic polling — which give the skill ongoing presence via spawned subagents and persistent files even though the skill itself doesn't request 'always'. This raises runtime persistence concerns (long‑running subagents, persistent data) but does not itself request elevated registry privileges.
What to consider before installing
This skill appears to implement a legitimate multi‑agent coordination pattern, but exercise caution. Before installing or enabling it:

1) Confirm where its scratchpad will be stored on your system. The SKILL.md contains a hardcoded path (/Users/wil/...) that likely should be configurable; do not allow it to write to your home directory unless you expect that.
2) Ask how your OpenClaw platform enforces 'alwaysDeny' / permission inheritance. The instructions recommend not inheriting deny rules for subagents, which could let spawned agents perform actions your policy intends to block.
3) If you plan to run it, test in a sandbox or restricted workspace first (no sensitive files or credentials accessible) and require explicit user approval for high‑risk operations.
4) Verify the behavior of session reuse and background subagents to avoid unintended data sharing between tasks.

If the author can provide an updated SKILL.md that (a) removes hardcoded paths or makes them configurable, (b) documents exact permission inheritance semantics on your platform, and (c) clarifies what data gets written to disk, re‑evaluation could raise confidence.

Like a lobster shell, security has layers — review code before you run it.
