Code Plugin · source linked · Verified

Lobster v2026.5.28

Lobster workflow tool plugin for typed pipelines and resumable approvals.

@openclaw/lobster·runtime lobster·by @openclaw
openclaw plugins install clawhub:@openclaw/lobster
Latest release: v2026.5.28

Capabilities

configSchema: Yes
Executes code: Yes
HTTP routes: 0
Runtime ID: lobster

Compatibility

Built With Open Claw Version: 2026.5.28
Min Gateway Version: >=2026.4.25
Plugin Api Range: >=2026.5.28
Security Scan
VirusTotal: Benign
OpenClaw: Benign (medium confidence)
Purpose & Capability
The package purpose is a Lobster workflow tool for typed pipelines and resumable approvals, and the artifacts implement that purpose by registering a single optional `lobster` tool that runs or resumes workflows.
Instruction Scope
The README and skill instructions disclose side-effecting workflows, approval checkpoints, and recommend tight tool allowlists; they do not prominently disclose that the embedded runtime receives a copy of `process.env`.
Install Mechanism
The package is an official @openclaw npm plugin with source-linked metadata, a shrinkwrap file, and no setup script or install-time execution beyond normal package installation.
Credentials
Passing the full environment to a local workflow runtime is plausible for this type of tool, but it means untrusted Lobster workflows could access environment variables available to the gateway process.
Persistence & Privilege
The plugin activates on startup to register an optional tool, refuses registration in sandboxed contexts, uses timeouts and output caps, and only persists managed TaskFlow approval state when invoked.
Scan Findings in Context
[SDI-4] expected: The reported full `process.env` propagation is present. It is purpose-aligned for an in-process local workflow runner, but it is under-disclosed and should be considered when running third-party workflows.
[SQP-2] expected: The environment cloning finding duplicates the same concrete behavior. I did not find artifact evidence of hidden exfiltration, automatic secret use, or credential management by the plugin itself.
Assessment
Install this as an optional workflow automation tool only for agents with a tight allowlist. Treat Lobster workflows like code: run workflows you trust, avoid exposing unnecessary secrets in the gateway environment, and keep side-effecting steps behind explicit approval gates.

Verification

Tier: source linked
Scope: artifact only
Summary: Validated package structure and linked the release to source metadata.
Commit: e93216080aa1
Tag: refs/heads/release/2026.5.28
Provenance: No
Scan status: clean

Tags

alpha: 2026.5.19-alpha.1
beta: 2026.6.1-beta.1
latest: 2026.5.28

Lobster (plugin)

Adds the lobster agent tool as an optional plugin tool.

Install

openclaw plugins install @openclaw/lobster

Restart the Gateway after installing or updating the plugin.

What this is

  • Lobster is a standalone workflow shell (typed JSON-first pipelines + approvals/resume).
  • This plugin integrates Lobster with OpenClaw without core changes.

Enable

Because this tool can trigger side effects (via workflows), it is registered with optional: true.

Enable it in an agent allowlist:

{
  "agents": {
    "list": [
      {
        "id": "main",
        "tools": {
          "allow": [
            "lobster" // plugin id (enables all tools from this plugin)
          ]
        }
      }
    ]
  }
}

Using openclaw.invoke (Lobster → OpenClaw tools)

Some Lobster pipelines may include an openclaw.invoke step to call back into OpenClaw tools/plugins (for example: gog for Google Workspace, gh for GitHub, message.send, etc.).

For this to work, the OpenClaw Gateway must expose the tool bridge endpoint and the target tool must be allowed by policy:

  • OpenClaw provides an HTTP endpoint: POST /tools/invoke.
  • The request is gated by gateway auth (e.g. Authorization: Bearer … when token auth is enabled).
  • The invoked tool is gated by tool policy (global + per-agent + provider + group policy). If the tool is not allowed, OpenClaw returns 404 Tool not available.

Allowlisting recommended

To avoid letting workflows call arbitrary tools, set a tight allowlist on the agent that will be used by openclaw.invoke.

Example (allow only a small set of tools):

{
  "agents": {
    "list": [
      {
        "id": "main",
        "tools": {
          "allow": ["lobster", "web_fetch", "web_search", "gog", "gh"],
          "deny": ["gateway"],
        },
      },
    ],
  },
}

Notes:

  • If tools.allow is omitted or empty, it behaves like "allow everything (except denied)". For a real allowlist, set a non-empty allow.
  • Tool names depend on which plugins you have installed/enabled.
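
An added example, not part of the plugin or OpenClaw: a Node.js check that applies the first note to an already-parsed config object and reports which agents are effectively open to any tool. The function names and sample agents are constructed, and it assumes a tool listed in deny stays blocked even when it also appears in allow.

```javascript
// Added example, not OpenClaw code. Works on a config object that has
// already been parsed; the agent entries below are constructed samples.
const sampleConfig = {
  agents: {
    list: [
      { id: "main", tools: { allow: ["lobster", "web_fetch", "gog"], deny: ["gateway"] } },
      { id: "scratch", tools: { allow: [], deny: ["gateway"] } }, // empty allow
      { id: "legacy" },                                           // allow omitted
      { id: "ops", tools: { allow: ["lobster", "gateway"], deny: ["gateway"] } },
    ],
  },
};

// Hypothetical helper: one record per agent describing what a workflow's
// openclaw.invoke step could reach through that agent's tool policy.
function auditToolPolicy(config) {
  const agents = (config && config.agents && config.agents.list) || [];
  return agents.map((agent) => {
    const tools = agent.tools || {};
    const deny = Array.isArray(tools.deny) ? tools.deny : [];
    const allow = Array.isArray(tools.allow) ? tools.allow : [];
    // Omitted or empty allow is not "deny all": per the notes above it
    // behaves like "allow everything (except denied)".
    if (allow.length === 0) {
      return { agent: agent.id, mode: "open", reachable: ["*"], denied: deny };
    }
    // Assumption: deny wins when a tool appears in both lists.
    const reachable = allow.filter((name) => !deny.includes(name));
    return { agent: agent.id, mode: "allowlist", reachable, denied: deny };
  });
}

// Agents that need a non-empty allow before workflows are pointed at them.
function openAgents(config) {
  return auditToolPolicy(config)
    .filter((record) => record.mode === "open")
    .map((record) => record.agent);
}

console.log(JSON.stringify(auditToolPolicy(sampleConfig), null, 2));
console.log("agents without a real allowlist:", openAgents(sampleConfig));
```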

Security

  • Runs Lobster in process via the published @clawdbot/lobster/core runtime.
  • Does not manage OAuth/tokens.
  • Uses timeouts, stdout caps, and strict JSON envelope parsing.
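
The scan assessment on this page notes that the in-process runtime receives a copy of process.env and advises keeping unnecessary secrets out of the gateway environment. As an added example (not plugin code; the name pattern, keep-list, and sample variables are assumptions made for illustration), this Node.js helper lists secret-looking variables a workflow could read and builds a reduced environment for the gateway process:

```javascript
// Added example, not plugin code. The name pattern and keep-list are
// assumptions; name matching misses secrets stored under neutral names.
const SECRET_NAME = /(TOKEN|SECRET|PASSWORD|PASSWD|API_?KEY|PRIVATE_?KEY|CREDENTIAL)/i;
const DEFAULT_KEEP = ["PATH", "HOME", "LANG", "TZ", "NODE_ENV"];

// Constructed sample environment; every value is a placeholder.
const sampleEnv = {
  PATH: "/usr/local/bin:/usr/bin",
  HOME: "/home/gateway",
  LANG: "C.UTF-8",
  EDITOR: "vi",
  GITHUB_TOKEN: "constructed-placeholder",
  OPENAI_API_KEY: "constructed-placeholder",
  DB_PASSWORD: "constructed-placeholder",
};

// Names in env that look like credentials. With full process.env
// propagation, every one of these is readable by a running workflow.
function secretLooking(env) {
  return Object.keys(env).filter((name) => SECRET_NAME.test(name)).sort();
}

// Build the environment to start the gateway with: only names on the
// keep-list survive. keptSecrets reports keep-list entries that still look
// like credentials, so a deliberate exception stays visible in review.
function minimalEnv(env, keep = DEFAULT_KEEP) {
  const kept = {};
  const dropped = [];
  for (const [name, value] of Object.entries(env)) {
    if (keep.includes(name)) kept[name] = value;
    else dropped.push(name);
  }
  return { env: kept, dropped: dropped.sort(), keptSecrets: secretLooking(kept) };
}

console.log("readable by workflows today:", secretLooking(sampleEnv));
console.log(minimalEnv(sampleEnv));
```

Run secretLooking(process.env) inside the gateway's own launch context to see the real exposure, and pass the env returned by minimalEnv as the env option of child_process.spawn when starting the gateway.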

Package

  • Plugin id: lobster
  • Tool: lobster
  • Package: @openclaw/lobster
  • Minimum OpenClaw host: 2026.4.25