by 安全扫描
OpenClaw
可疑
high confidenceNULL
评估建议
This skill looks like a legitimate workflow runner, but its metadata does not match its documentation. Before installing or invoking: 1) Verify the source repository (github.com/guwidoe/lobster-skill) and inspect the actual published package; 2) Do not supply CLAWD_TOKEN/CLAWD_URL or other secrets unless you trust the code — the SKILL.md uses these but the skill metadata doesn't declare them; 3) Expect the skill to execute arbitrary shell commands (gh, jq, node) and to read/write ~/.lobster/stat...详细分析 ▾
⚠ 用途与能力
The stated purpose (deterministic workflow runtime with approval gates) matches the examples and commands in SKILL.md. However, the metadata declares no required binaries or env vars while the instructions clearly expect a Node-based CLI, the GitHub CLI (gh), jq, and optionally clawd.invoke integration. The omission of these requirements is disproportionate to the documented functionality and is an incoherence.
⚠ 指令范围
Runtime instructions tell the agent to execute arbitrary shell commands (exec --json --shell "...") and to read/write persistent state (~/.lobster/state). They also include examples that run gh and jq, read workflow files, and call clawd.invoke which sends data to an external CLAWD_URL/CLAWD_TOKEN. This grants the skill the ability to run arbitrary commands and transmit data outside the agent — appropriate for a workflow runner but high-risk if the skill's provenance is unknown. The SKILL.md also contains hardcoded path examples (e.g., /home/molt/...) which suggest expectations about local installs.
ℹ 安装机制
There is no install spec (instruction-only), which minimizes automatic disk writes. The README suggests installing a Node package (npm install -g @clawdbot/lobster) or using a local node script; those are reasonable but not enforced. Because the skill is instruction-only, the scanner had no code to review; this is lower install risk but increases reliance on the user to follow installation guidance safely.
⚠ 凭证需求
Metadata lists no required environment variables, yet SKILL.md explicitly references CLAWD_URL and CLAWD_TOKEN for Clawdbot integration and allows overriding LOBSTER_STATE_DIR. Requesting a service token (CLAWD_TOKEN) is reasonable for Clawdbot calls, but the skill fails to declare it. The absence of declared secrets alongside instructions that use them is an inconsistency that can lead to accidental credential exposure if users assume none are needed.
ℹ 持久化与权限
The runtime uses persistent state (~/.lobster/state) and implements resume/approval tokens. The skill does not request always:true and does not modify other skills. Persistent state is coherent with the workflow purpose, but users should be aware the agent (when executing the CLI) will read/write files in the user home directory.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.12026/1/30
NULL
● 可疑
安装命令
点击复制官方npx clawhub@latest install lobster
镜像加速npx clawhub@latest install lobster --registry https://cn.longxiaskill.com