Trust Assessment
lobster received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 2 high, 0 medium, and 0 low severity. Key findings include Arbitrary Shell Command Execution via 'exec --json --shell', Potential Data Exfiltration via Arbitrary Shell Commands, and Excessive Permissions Granted by Arbitrary Shell Execution.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Arbitrary Shell Command Execution via 'exec --json --shell': The 'lobster' tool, as described in this skill, explicitly provides an 'exec --json --shell "cmd"' command. This command allows the execution of arbitrary shell commands on the host system. If an AI agent constructs or processes 'lobster' pipelines from untrusted input, this feature can be exploited for command injection, leading to arbitrary code execution with the privileges of the 'lobster' process. Implement strict input validation and sanitization for any pipeline arguments or workflow definitions processed by 'lobster', especially when derived from untrusted sources. Consider sandboxing the 'lobster' execution environment (e.g., using containers or chroot) or restricting the set of commands available to 'exec --json --shell' to a predefined allowlist. | LLM | SKILL.md:39 |
| HIGH | Potential Data Exfiltration via Arbitrary Shell Commands: The 'exec --json --shell "cmd"' command, which enables arbitrary shell execution, can be leveraged by a malicious 'lobster' pipeline to exfiltrate sensitive data from the host system. This includes reading arbitrary files (e.g., '/etc/passwd', '~/.aws/credentials'), environment variables (e.g., 'CLAWD_TOKEN', 'GH_TOKEN'), or sending data to external endpoints using standard shell utilities like 'curl' or 'wget'. In addition to input validation, restrict network access for the 'lobster' process or limit its filesystem access scope to only necessary directories. Avoid storing sensitive information in locations accessible by the 'lobster' process or passing it directly into pipelines originating from untrusted sources. | LLM | SKILL.md:39 |
| HIGH | Excessive Permissions Granted by Arbitrary Shell Execution: The 'lobster' tool's 'exec --json --shell "cmd"' capability allows it to execute any command with the full permissions of the user account running the 'lobster' process. This constitutes excessive permissions if the tool is exposed to untrusted input, as it grants an attacker the ability to perform any action the user can, including modifying system files, installing software, or accessing sensitive resources. Run the 'lobster' tool with the principle of least privilege. Employ containerization (e.g., Docker) or other isolation mechanisms to sandbox its execution and strictly limit its access to the host system's resources. Implement robust access controls for who can define or execute 'lobster' pipelines. | LLM | SKILL.md:39 |