Scan Report
10 /100
lobster-agent
服务器监控Agent,自动采集系统指标并上报到Coze大龙虾平台,支持CPU/内存/磁盘/网络监控、告警推送和自动节点注册
This is a documentation-only skill package describing a legitimate server monitoring agent. The SKILL.md declares all major capabilities (network reporting, systemd service, root privileges) but contains no implementation code to verify actual behavior.
Safe to install
Acceptable for use with low risk profile. However, since no implementation code exists in this package, verify that the actual lobster-agent code matches the documented behavior before deployment. Request source code review if available.
Findings 2 items
| Severity | Finding | Location |
|---|---|---|
| Low | Implementation not included Doc Mismatch | SKILL.md:1 |
| Low | External platform data reporting (declared) Data Exfil | SKILL.md:19 |
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | WRITE | WRITE | ✓ Aligned | SKILL.md describes creating /opt/lobster-agent, /var/log/lobster-agent directori… |
| Network | WRITE | WRITE | ✓ Aligned | SKILL.md line 19: Reports to https://api.coze.cn |
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md describes creating /usr/local/bin/lobster command and systemd service |
| Environment | NONE | NONE | — | No environment access described |
| Skill Invoke | NONE | NONE | — | No skill invocation described |
3 findings
Medium External URL 外部 URL
https://api.coze.cn) SKILL.md:19 Medium External URL 外部 URL
https://www.coze.cn/docs/developer-docs/api SKILL.md:137 Medium External URL 外部 URL
https://coze.cn/s/7618478715609055278 SKILL.md:138 File Tree
1 files · 4.3 KB · 138 lines Markdown 1f · 138L
└─
SKILL.md
Markdown
Security Positives
✓ All major capabilities are documented in SKILL.md
✓ No obfuscation or base64-encoded content found
✓ No credential harvesting beyond monitoring requirements
✓ No reverse shell or C2 indicators
✓ External data transfer is declared as the core purpose
✓ Dependencies (requests, psutil) are reasonable for monitoring