grtninja/lobster
skill-candidates/lobster/SKILL.md
Execute multi-step workflows with approval checkpoints via the Lobster pipeline engine. Use when the user wants repeatable automations (email triage, PR monitoring, scheduled syncs), when actions need human approval before executing (send, post, delete), or when multiple tool calls should run as one deterministic pipeline operation.
$ install --global
skillsauthnpx skillsauth add grtninja/skill-arbiter lobsterInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 22, 2026, 8:17 PM52.9s11 files scanned
SKILL.md
- name:
- lobster
- description:
- Execute multi-step workflows with approval checkpoints via the Lobster pipeline engine. Use when the user wants repeatable automations (email triage, PR monitoring, scheduled syncs), when actions need human approval before executing (send, post, delete), or when multiple tool calls should run as one deterministic pipeline operation.
Lobster
Execute multi-step workflows with approval checkpoints. Lobster pipelines are deterministic (no LLM variance), resumable via tokens, and return structured JSON output.
When to Use Lobster
| User intent | Use Lobster? | | ----------- | ------------ | | "Triage my email" | Yes — multi-step, may send replies | | "Send a message" | No — single action, use tool directly | | "Check my email every morning and ask before replying" | Yes — scheduled workflow with approval | | "What's the weather?" | No — simple query | | "Monitor this PR and notify me of changes" | Yes — stateful, recurring |
Do not use for simple single-action requests, queries needing LLM interpretation mid-flow, or one-off non-repeatable tasks.
Workflow
- Identify whether the user request involves multi-step automation, approval gates, or recurring operations — if yes, use Lobster.
- Run the pipeline:
{ "action": "run", "pipeline": "gog.gmail.search --query 'newer_than:1d' --max 20 | email.triage" } - Check the response
statusfield:"ok"— pipeline completed; presentoutputto the user."needs_approval"— present therequiresApproval.promptand items to the user.
- If approval needed, collect user confirmation and resume:
{ "action": "resume", "token": "<resumeToken>", "approve": true } - Present final output to the user.
Key Behaviors
- Deterministic: Same input produces same output (no LLM variance in pipeline execution).
- Approval gates:
approvecommand halts execution, returns aresumeToken. - Resumable: Use
resumeaction with the token to continue after approval. - Structured output: Always returns JSON envelope with
protocolVersion,status,output, andrequiresApproval.
Example Pipelines
# Email triage — classify into needs_reply, needs_action, fyi
gog.gmail.search --query 'newer_than:1d' --max 20 | email.triage
# Email triage with approval gate
gog.gmail.search --query 'newer_than:1d' | email.triage | approve --prompt 'Process these?'
Guardrails
- Use local or trusted tools only; avoid untrusted install pipelines.
- Do not paste secrets/tokens into chat output.
- Keep outputs in deterministic local paths for reproducible review.
Related Skills
grtninja/white-hat
tools
VerifiedTrustedCommunity
Run a defender-first security sweep on code, configs, prompts, model/tooling surfaces, or third-party contribution lanes. Use when a request involves safe bug, leak, zero-day-class, exploit, or hack hunting for protection, when contributing to outside repositories and you want a focused security pass, or when touching auth, secrets, permissions, network exposure, prompt/tool boundaries, data flow, or update/build surfaces. This skill is defensive only and must never be used for weaponization or unauthorized access.
2SKILL.mdUpdated Apr 22, 2026
grtninja/vrm-sandbox-startup-acceptance
development
VerifiedTrustedCommunity
Validate and repair VRM Sandbox startup acceptance with shim-first local model authority, frontend/backend bring-up, and avatar-runtime launch proof. Use when launch behavior, chat handoff, voice fallback, or runtime bridge acceptance must be verified end to end.
2SKILL.mdUpdated Apr 22, 2026
grtninja/voice-catalog-runtime-alignment
documentation
VerifiedTrustedCommunity
Align documented voice-command catalogs, endpoint action allowances, and live runtime handlers so operator-visible voice surfaces match what the stack can actually execute. Use when voice command docs, parser matrices, endpoint permissions, or runtime action routing drift apart.
2SKILL.mdUpdated Apr 22, 2026
grtninja/skillhub-trend-radar
development
VerifiedTrustedCommunity
Track SkillHub trend and topic drift, maintain a bounded rewrite watchlist, and surface emerging gaps worth turning into repo-owned skills. Use when the marketplace query set shows new families or when the current shortlist has gone stale.
2SKILL.mdUpdated Apr 22, 2026