扫描报告
10 /100
lobster-agent
服务器监控Agent,自动采集系统指标并上报到Coze大龙虾平台,支持CPU/内存/磁盘/网络监控、告警推送和自动节点注册
This is a documentation-only skill package describing a legitimate server monitoring agent. The SKILL.md declares all major capabilities (network reporting, systemd service, root privileges) but contains no implementation code to verify actual behavior.
可以安装
Acceptable for use with low risk profile. However, since no implementation code exists in this package, verify that the actual lobster-agent code matches the documented behavior before deployment. Request source code review if available.
安全发现 2 项
| 严重性 | 安全发现 | 位置 |
|---|---|---|
| 低危 | Implementation not included 文档欺骗 | SKILL.md:1 |
| 低危 | External platform data reporting (declared) 数据外泄 | SKILL.md:19 |
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | WRITE | WRITE | ✓ 一致 | SKILL.md describes creating /opt/lobster-agent, /var/log/lobster-agent directori… |
| 网络访问 | WRITE | WRITE | ✓ 一致 | SKILL.md line 19: Reports to https://api.coze.cn |
| 命令执行 | WRITE | WRITE | ✓ 一致 | SKILL.md describes creating /usr/local/bin/lobster command and systemd service |
| 环境变量 | NONE | NONE | — | No environment access described |
| 技能调用 | NONE | NONE | — | No skill invocation described |
3 项发现
中危 外部 URL 外部 URL
https://api.coze.cn) SKILL.md:19 中危 外部 URL 外部 URL
https://www.coze.cn/docs/developer-docs/api SKILL.md:137 中危 外部 URL 外部 URL
https://coze.cn/s/7618478715609055278 SKILL.md:138 目录结构
1 文件 · 4.3 KB · 138 行 Markdown 1f · 138L
└─
SKILL.md
Markdown
安全亮点
✓ All major capabilities are documented in SKILL.md
✓ No obfuscation or base64-encoded content found
✓ No credential harvesting beyond monitoring requirements
✓ No reverse shell or C2 indicators
✓ External data transfer is declared as the core purpose
✓ Dependencies (requests, psutil) are reasonable for monitoring