Trusted: risk score 5/100
Last scanned: 1 day ago
lobster-continuous-learning-v2
Instinct-based learning system that observes sessions, creates atomic instincts with confidence scoring, and evolves them into skills/commands/agents
Legitimate continuous learning system with no malicious behavior. Observations stay local, secret scrubbing is implemented, and all shell/network operations are documented and necessary for the feature.
Skill name: lobster-continuous-learning-v2
Analysis time: 64.3s
Engine: pi
Verdict: Safe to install
No action required. Skill is safe to use.

Security findings (2)

Severity | Finding | Location
Info | Secret Scrubbing Regex May Miss Edge Cases (category: Sensitive access) | hooks/observe.sh:198
The _SECRET_RE pattern in observe.sh may not catch all credential formats (e.g., Bearer tokens without proper spacing). However, observations stay local and no exfiltration occurs.
Pattern flagged: r"(?i)(api[_-]?key|token|secret|password|authorization|credentials?|auth)"
→ Consider expanding the regex to catch more patterns such as the 'Bearer ', 'ghp_' and 'sk-' prefixes
Info | External URL Reference (category: Documentation spoofing) | SKILL.md:361
SKILL.md contains a reference to an external Twitter/X URL (https://x.com/affaanmustafa/status/...). This is a documentation link, not executable code.
URL flagged: https://x.com/affaanmustafa/status/2014040193557471352
→ No action needed - this is just a documentation link
Resource type | Declared permission | Inferred permission | Status | Evidence
File system | READ WRITE | READ WRITE | ✓ Consistent | Write operations limited to ~/.claude/homunculus/ project storage directories
Command execution | READ | READ | ✓ Consistent | subprocess.run for git detection only, no arbitrary command execution
Network access | READ | READ | ✓ Consistent | URL fetch only for instinct import, documented in SKILL.md
Environment variables | NONE | READ | ✓ Consistent | Reads CLAUDE_PROJECT_DIR and git-related vars for project detection
Indicators found (2)
Medium | External URL | External URL
https://x.com/affaanmustafa/status/2014040193557471352
SKILL.md:361
Info | Email | Email address
[email protected]
scripts/detect-project.sh:96

Directory structure

10 files · 154.4 KB · 4302 lines
Python: 2 files · 2410 lines; Shell: 5 files · 1321 lines; Markdown: 2 files · 563 lines; JSON: 1 file · 8 lines
├─ 📁 agents
│ ├─ 🔧 observer-loop.sh Shell 271L · 9.2 KB
│ ├─ 📝 observer.md Markdown 198L · 7.2 KB
│ ├─ 🔧 session-guardian.sh Shell 150L · 6.2 KB
│ └─ 🔧 start-observer.sh Shell 244L · 7.3 KB
├─ 📁 hooks
│ └─ 🔧 observe.sh Shell 428L · 15.8 KB
├─ 📁 scripts
│ ├─ 🔧 detect-project.sh Shell 228L · 7.6 KB
│ ├─ 🐍 instinct-cli.py Python 1426L · 56.4 KB
│ └─ 🐍 test_parse_instinct.py Python 984L · 32.3 KB
├─ 🔑 config.json JSON 8L · 135 B
└─ 📝 SKILL.md Markdown 365L · 12.3 KB

Dependency analysis (1)

Package | Version | Source | Known vulnerabilities | Notes
requests | N/A | pip | | No external dependencies used - only stdlib

Security highlights

✓ Secret scrubbing implemented to redact API keys, tokens, passwords before persisting observations
✓ Git credential stripping in detect-project.sh removes embedded credentials from remote URLs
✓ Path traversal protection blocks access to system directories (/etc, /usr, /bin, etc.)
✓ Project-scoped storage isolates data between different projects
✓ Observer agent uses minimal toolset (Read, Write only) with controlled Haiku model
✓ PID validation prevents signaling invalid process IDs
✓ Atomic file writes with tempfile + os.replace prevent corruption
✓ File locking (fcntl) prevents concurrent write race conditions
✓ No base64-encoded payloads or obfuscation techniques
✓ No ~/.ssh, ~/.aws, or other sensitive path access
✓ No curl|bash or remote script execution patterns
✓ No C2 or data exfiltration - all observations stay local
✓ Session guardian prevents observer from running during automated sessions