ClawAudit verdict
lobster-trap
Accesses agent memory/notes AND makes external network calls
Social deduction game for AI agents requiring Bankr wallet and CLAWMEGLE tokens on Base chain; all blockchain interactions use user-provided Bankr API key with documented staking mechanics, and the game logic is fully transparent.
Automated static analysis โ not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.
What it does
These are capability combinations: each listed behavior occurs in the skill, but ClawAudit detects co-occurrence โ it does not verify that one flows into another. Read the code to confirm a live chain.
Accesses agent memory/notes AND makes external network calls โ may leak personal data
LLM02 ยท LLM07 ยท ASI03 ยท ASI06
Accesses credentials AND makes external network calls โ potential credential theft
LLM02 ยท ASI03
Accesses credentials AND encodes data โ may obfuscate stolen credentials
LLM02 ยท ASI03 ยท ASI04
Accesses agent memory AND makes external network calls โ may leak conversation history
LLM02 ยท LLM07 ยท ASI06
Permission integrity
network_out
credential_access
package_install
agent_memory
Findings (1)
Recursive delete from root or home โ destructive command
SKILL.md ยท code ยท rm -rf /
Permissions & capabilities
No declared permissions โ minimal attack surface.
network_outcredential_accesspackage_installagent_memorydata_encoding Thanks โ recorded.