Lobster

Security checks across malware telemetry and agentic risk

Overview

This official optional OpenClaw workflow runner matches its stated purpose, but users should treat workflows like local scripts because they inherit environment variables and can invoke allowed tools.

Install only if you want an agent to run local Lobster workflows. Use a non-empty tool allowlist, keep sensitive environment variables out of the gateway process when possible, and approve only workflows you trust, especially ones that send, post, delete, or invoke other tools.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Intent-Code Divergence

Medium

Confidence: 92% confidence
Finding: The tool is described as 'local-first,' but it constructs the execution context with a full copy of process.env and hands it to the embedded runtime. Any workflow executed by the runtime can potentially read sensitive environment variables such as API keys, tokens, or internal service credentials, which materially expands the trust boundary beyond what a user may expect.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The embedded runtime receives the entire process environment without visible disclosure or consent gating in the tool interface. This creates a straightforward path for workflows to access secrets or operational metadata from the host process, even when users may believe they are only running a local workflow pipeline.

VirusTotal

61/61 vendors flagged this plugin as clean.

View on VirusTotal