Trust Assessment
lobster-trap received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 10 findings: 0 critical, 8 high, 2 medium, and 0 low severity. Key findings include: sensitive environment variable access ($HOME), sensitive path access (AI agent config), and unsanitized shell variables in curl commands.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (10)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Sensitive path access: AI agent config.** Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/tedkaczynski-the-bot/lobster-trap/SKILL.md:77 |
| HIGH | **Sensitive path access: AI agent config.** Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/tedkaczynski-the-bot/lobster-trap/SKILL.md:81 |
| HIGH | **Sensitive path access: AI agent config.** Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/tedkaczynski-the-bot/lobster-trap/SKILL.md:84 |
| HIGH | **Sensitive path access: AI agent config.** Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/tedkaczynski-the-bot/lobster-trap/SKILL.md:88 |
| HIGH | **Sensitive path access: AI agent config.** Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/tedkaczynski-the-bot/lobster-trap/SKILL.md:92 |
| HIGH | **Sensitive path access: AI agent config.** Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/tedkaczynski-the-bot/lobster-trap/SKILL.md:100 |
| HIGH | **Sensitive path access: AI agent config.** Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/tedkaczynski-the-bot/lobster-trap/SKILL.md:101 |
| HIGH | **Unsanitized shell variables in curl commands.** The skill constructs `curl` commands using shell variables (`$AGENT_NAME`, `$WALLET`, `$API_KEY`) directly within double-quoted strings for JSON payloads and HTTP headers. If these variables contain shell metacharacters (e.g., `$(command)`, backticks, semicolons, or quotes that break the string), they can lead to arbitrary command execution on the host system. This is a classic command injection vulnerability. Sanitize all user-controlled variables before embedding them into shell commands. For JSON payloads, use a dedicated JSON tool like `jq` to construct the payload safely, or ensure all special characters within the variable values are properly escaped for both the shell and JSON contexts. For HTTP headers, strictly validate and escape the variable content to prevent breaking out of the header string. A more robust solution is to use a programming language (e.g., Python) to make HTTP requests, which offers safer string interpolation and JSON handling. | LLM | SKILL.md:149 |
| MEDIUM | **Sensitive environment variable access: $HOME.** Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/tedkaczynski-the-bot/lobster-trap/SKILL.md:86 |
| MEDIUM | **Unpinned git clone for dependency.** The skill clones the `openclaw-skills` repository from GitHub (`https://github.com/BankrBot/openclaw-skills`) without specifying a particular commit hash or tag. This means that any future changes to the `main` branch of the upstream repository could introduce malicious code into the `bankr.sh` script, which is then executed by the agent. This introduces a significant supply chain risk, as the integrity of a critical dependency is not guaranteed over time. Pin the `git clone` operation to a specific commit hash or a signed tag. For example: `git clone --depth 1 --branch <tag_or_commit_hash> https://github.com/BankrBot/openclaw-skills /tmp/bankr-skills-temp`. Regularly review and update the pinned version to incorporate necessary updates while maintaining security. | LLM | SKILL.md:90 |
Full report: https://skillshield.io/report/5fcf6330b218b9af