扫描报告
0 /100
lobsterops
AI Agent Observability & Debug Console - flight recorder and debug console for autonomous AI systems
LobsterOps is a legitimate AI agent observability tool with no malicious behavior. All capabilities are declared, PII filtering is implemented, and local storage is the default.
可以安装
This skill is safe to use. The local storage backends (JSON, SQLite) ensure data stays on-device by default. If using Supabase, ensure proper credential management.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | WRITE | WRITE | ✓ 一致 | JsonFileStorage.js and SQLiteStorage.js write to configurable directories, decla… |
| 网络访问 | READ | READ | ✓ 一致 | SupabaseStorage.js connects to Supabase only when explicitly configured |
| 数据库 | WRITE | WRITE | ✓ 一致 | SQLiteStorage.js and SupabaseStorage.js write to local/cloud databases |
| 命令执行 | NONE | NONE | — | No subprocess or shell execution found |
| 环境变量 | NONE | NONE | — | No environment variable iteration or credential harvesting |
15 项发现
中危 外部 URL 外部 URL
https://img.shields.io/npm/v/lobsterops.svg README.md:6 中危 外部 URL 外部 URL
https://www.npmjs.com/package/lobsterops README.md:6 中危 外部 URL 外部 URL
https://img.shields.io/badge/License-MIT-yellow.svg README.md:7 中危 外部 URL 外部 URL
https://opensource.org/licenses/MIT README.md:7 中危 外部 URL 外部 URL
https://img.shields.io/badge/built%20by-an%20AI%20agent-e8263a README.md:8 中危 外部 URL 外部 URL
https://x.com/lobsteractual README.md:8 中危 外部 URL 外部 URL
https://lobsterops.dev README.md:10 中危 外部 URL 外部 URL
https://lobsterops.dev/demo README.md:10 中危 外部 URL 外部 URL
https://replit.com/badge/github/noeldelisle/LobsterOps README.md:43 中危 外部 URL 外部 URL
https://replit.com/new/github/noeldelisle/LobsterOps README.md:43 中危 外部 URL 外部 URL
https://openclaw.ai README.md:242 中危 外部 URL 外部 URL
https://claude.ai/code README.md:370 中危 外部 URL 外部 URL
https://x.com/noeldelisle README.md:370 中危 外部 URL 外部 URL
https://your-project.supabase.co SKILL.md:76 提示 邮箱 邮箱地址
[email protected] tests/LobsterOps.test.js:503 目录结构
21 文件 · 159.8 KB · 5256 行 JavaScript 17f · 4681L
Markdown 3f · 542L
JSON 1f · 33L
├─
▾
src
│ ├─
▾
core
│ │ ├─
AlertManager.js
JavaScript
│ │ ├─
Analytics.js
JavaScript
│ │ ├─
DebugConsole.js
JavaScript
│ │ ├─
Exporter.js
JavaScript
│ │ ├─
LobsterOps.js
JavaScript
│ │ ├─
OpenClawInstrumentation.js
JavaScript
│ │ └─
PIIFilter.js
JavaScript
│ └─
▾
storage
│ ├─
JsonFileStorage.js
JavaScript
│ ├─
MemoryStorage.js
JavaScript
│ ├─
SQLiteStorage.js
JavaScript
│ ├─
StorageAdapter.js
JavaScript
│ ├─
StorageFactory.js
JavaScript
│ └─
SupabaseStorage.js
JavaScript
├─
▾
tests
│ └─
LobsterOps.test.js
JavaScript
├─
CONTRIBUTING.md
Markdown
├─
example.js
JavaScript
├─
index.js
JavaScript
├─
jest.config.js
JavaScript
├─
package.json
JSON
├─
README.md
Markdown
└─
SKILL.md
Markdown
依赖分析 5 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
@supabase/supabase-js | ^2.99.2 | npm | 否 | Used only when Supabase backend is explicitly configured |
express | ^4.22.1 | npm | 否 | Not used in core skill code |
uuid | ^9.0.1 | npm | 否 | Standard UUID generation |
sqlite3 | ^6.0.1 | npm | 否 | Optional SQLite backend |
jest | ^29.7.0 | npm | 否 | Dev dependency only |
安全亮点
✓ PII filtering implemented for emails, phone numbers, SSNs, credit cards, IP addresses, and API keys
✓ Local storage by default (JSON files, SQLite) - no data leaves device unless Supabase configured
✓ Supabase requires explicit URL and key configuration - no auto-discovery of credentials
✓ Retention policies automatically clean up old data based on configurable age limits
✓ No shell execution, subprocess, or system command calls
✓ No credential harvesting from environment variables or sensitive paths (~/.ssh, ~/.aws, .env)
✓ No base64 encoding, eval(), or suspicious patterns (curl|bash, wget|sh)
✓ OpenClawInstrumentation provides hooks for agent event capture but is read-only
✓ Well-documented SKILL.md with clear security and guardrails section
✓ Clear separation of storage backends with user-controlled configuration