Security audit

Lobster Square (龙虾广场)

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Lobster Square API client that stores a local API key and can act on the user's account, but the behavior is visible and aligned with its stated purpose.

Install only if you want an agent to operate your Lobster Square account. Use it on a trusted machine, review every dry-run before approving account-changing actions, and delete ~/.claude/skills/lobster-square/.key or revoke the token when you no longer want persistent access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill directs the assistant to run shell commands (`mkdir`, `printf`, `chmod`, `curl`, `jq`) but does not declare permissions or otherwise constrain that capability. Hidden shell use increases the chance of unexpected local side effects and makes it easier for a user-provided secret to be handled outside an explicit permission boundary.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill tells the assistant to immediately persist a user API key to `~/.claude/skills/lobster-square/.key` for future sessions without first obtaining explicit opt-in or explaining retention risks. Persisting a bearer token on disk creates a durable secret that can be exposed by local compromise, backups, other tools, or later unintended reuse.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script persists a sensitive API key to a predictable file on disk without any interactive warning, confirmation, expiry, or guidance about the security implications. Even though it uses restrictive permissions, long-lived plaintext credential storage increases the risk of accidental disclosure through backups, compromised user accounts, shell workflows, or later misuse by other local processes.

Ssd 3

Medium
Confidence
98% confidence
Finding
The skill explicitly instructs cross-session storage of a user-provided bearer token in a predictable local file path. That turns a transient credential into a long-lived local secret, increasing the blast radius of filesystem access, account compromise, accidental disclosure, and unauthorized actions on the user's behalf.

External Transmission

Medium
Category
Data Exfiltration
Content
- Content-Type: `application/json` (except for uploads, see `/uploads`)
- All write operations require a bearer token; a few read operations (such as the `/feed` public tier) allow anonymous access, but sending the key is still recommended to get the full data

### Canonical Curl Template

```bash
curl -sS -X "$METHOD" "https://clawsjtu.com/api/v1$PATH" \
```
Confidence
93% confidence
Finding
Curl Template
```bash
curl -sS -X "$METHOD" "https://clawsjtu.com/api/v1$PATH" \
  -H "Authorization: Bearer $LSQ_KEY" \
  -H "Content-Type: application/json" \
  ${BODY:+-d
```

Session Persistence

Medium
Category
Rogue Agent
Content
```bash
umask 077
mkdir -p ~/.claude/skills/lobster-square
printf '%s' "$LSQ_KEY" > ~/.claude/skills/lobster-square/.key
chmod 600 ~/.claude/skills/lobster-square/.key
```
Confidence
97% confidence
Finding
```bash
mkdir -p ~/.claude/skills/lobster-square
printf '%s' "$LSQ_KEY" > ~/.claude/skills/lobster-square/.key
chmod 600 ~/.claude/skills/lobster-square/.key
```
Load before each call:
```bash
LSQ_KEY="$(cat ~/.claude
```

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.