← Back to Skills Marketplace
noeldelisle

LobsterOps

by Noel DeLisle · GitHub ↗ · v1.0.3 · MIT-0
cross-platform ⚠ suspicious
213
Downloads
0
Stars
0
Active Installs
4
Versions
Install in OpenClaw
/install lobsterops
Description
AI Agent Observability & Debug Console - flight recorder and debug console for autonomous AI systems
README (SKILL.md)

LobsterOps Skill

AI Agent Observability & Debug Console. A lightweight, flexible "black box flight recorder" and debug console for AI agents. Automatically captures agent thoughts, tool calls, decisions, errors, spawning events, and lifecycle transitions.

Core Tasks

  • "Log my agent activity to LobsterOps" - Initialize LobsterOps and begin recording agent events with structured logging
  • "Show me what my agent did" - Query the event log and display a chronological trace of agent activity
  • "Debug my agent's last session" - Use the debug console to step through agent execution with time-travel debugging
  • "Analyze my agent's behavior patterns" - Run behavioral analytics to detect loops, failure patterns, and performance trends
  • "Set up alerts for my agent" - Configure alerting rules for cost spikes, repeated failures, or anomalous behavior
  • "Export my agent logs" - Export events to JSON, CSV, or Markdown format for sharing or auditing

Environment Variable Contract

Variable Required Description
LOBSTER_STORAGE No Storage backend type: json, memory, sqlite, or supabase (default: json)
SUPABASE_URL If using supabase Supabase project URL
SUPABASE_KEY If using supabase Supabase anon or service role key

Configuration

LobsterOps uses OpenClaw's config system. Place configuration at .openclaw/workspace/config/lobsterops.json:

{
  "enabled": true,
  "storageType": "json",
  "storageConfig": {
    "dataDir": "./agent-logs",
    "maxAgeDays": 30
  },
  "piiFiltering": {
    "enabled": true,
    "patterns": ["email", "phone", "ssn", "creditCard", "ipAddress", "apiKey"]
  },
  "alerts": {
    "enabled": true,
    "rules": []
  }
}

Storage Backend Options

JSON Files (default, zero-config):

{ "storageType": "json", "storageConfig": { "dataDir": "./agent-logs" } }

SQLite (lightweight production):

{ "storageType": "sqlite", "storageConfig": { "filename": "./lobsterops.db" } }

Supabase (cloud, team collaboration):

{
  "storageType": "supabase",
  "storageConfig": {
    "supabaseUrl": "https://your-project.supabase.co",
    "supabaseKey": "your-anon-key"
  }
}

Security & Guardrails

  • LobsterOps includes built-in PII filtering that automatically redacts emails, phone numbers, SSNs, credit card numbers, IP addresses, and API keys from logged events
  • All data is stored locally by default (JSON files or SQLite) - no data leaves the machine unless Supabase is explicitly configured
  • The Supabase backend requires explicit URL and key configuration - credentials are never inferred or auto-discovered
  • Event retention policies automatically clean up old data based on configurable age limits
  • LobsterOps never modifies agent behavior - it is strictly read-only observation

Troubleshooting

  • "Cannot find module 'sqlite3'": Run npm install sqlite3 - only needed if using SQLite backend
  • "Supabase table does not exist": Create the required table in your Supabase dashboard using the DDL provided in the error message
  • Events not appearing: Ensure enabled: true in config and that await ops.init() has been called
  • High disk usage: Reduce maxAgeDays in storage config or run await ops.cleanupOld() manually
  • PII still visible in logs: Check that piiFiltering.enabled is true and the relevant pattern types are listed
Usage Guidance
What to check before installing or enabling LobsterOps: - Review and test locally first: the package includes source code and npm dependencies; run it in an isolated/dev environment before enabling in production. - Supabase = remote logs: if you configure SUPABASE_URL / SUPABASE_KEY, events will leave your machine. Never provide a Supabase service-role key unless you accept full DB privileges; prefer an anon key scoped appropriately. - Instrumentation scope: features like captureToolCalls, captureReasoningTraces, captureFileChanges and captureGitOps can record sensitive data (secrets, API keys, code, or PII). Keep file/git capture disabled unless you intentionally need it, and review the OpenClawInstrumentation and PIIFilter code to confirm what is redacted and how. - PII filtering is helpful but not guaranteed: examine src/core/PIIFilter.js and test it against your actual data formats to ensure it redacts the secrets and patterns you care about. - Dashboard deployment notes: README asks you to set DASHBOARD_PASSWORD in Replit secrets for the example dashboard, but SKILL.md's env table doesn't mention it — confirm all required secrets/envs before deploying the dashboard publicly. - Dependency hygiene: dependencies are from npm (no obscure download URLs), but review package-lock and run vulnerability scans if you plan to deploy broadly. If you want a safer rollout: use JSON or local SQLite storage (no network egress), keep instrumentation defaults (file/git capture) off, validate PIIFilter behavior, and only enable remote Supabase storage after auditing keys and access controls.
Capability Analysis
Type: OpenClaw Skill Name: lobsterops Version: 1.0.3 LobsterOps is a legitimate observability and debugging framework for AI agents, providing structured logging, behavioral analytics, and PII redaction. The codebase is well-structured, includes a comprehensive test suite (tests/LobsterOps.test.js), and aligns perfectly with its stated purpose of acting as a 'flight recorder' for autonomous systems. While it includes capabilities to hook into sensitive events like file changes and git operations (src/core/OpenClawInstrumentation.js) and supports remote storage via Supabase (src/storage/SupabaseStorage.js), these features are opt-in and require explicit user configuration. No evidence of malicious intent, unauthorized data exfiltration, or prompt injection attacks was found.
Capability Assessment
Purpose & Capability
Name/description (AI agent observability and debug console) match the code and instructions: core classes, storage backends (json, sqlite, supabase), exporter, analytics, and instrumentation are present. Requiring only 'node' as a binary is appropriate for a Node.js library. The optional SUPABASE_URL / SUPABASE_KEY env vars listed in SKILL.md are expected for the Supabase backend.
Instruction Scope
SKILL.md and examples instruct the agent to capture and persist reasoning traces, tool calls, lifecycle events and (optionally) file changes and git ops. Capturing tool inputs/outputs and reasoning traces is consistent with the stated purpose, but this is sensitive: those traces often contain secrets, API keys, or PII. The skill claims built-in PII filtering and that file/git capture is opt-in (defaults to off) which mitigates risk if followed. There's a small documentation mismatch: README/Deploy instructions reference a DASHBOARD_PASSWORD secret for the example dashboard, but SKILL.md's Environment Variable Contract doesn't list DASHBOARD_PASSWORD — this is an inconsistency you should confirm before deploying the dashboard.
Install Mechanism
Registry metadata says 'no install spec' (instruction-only), but the package includes package.json and many source files and a package-lock (npm dependencies: @supabase/supabase-js, express, sqlite3, etc.). There is no risky external download URL; dependencies come from npm — standard but you will need to install them (npm install) to run features like the dashboard or SQLite backend. Because there is code included, you should run it in a controlled environment and review dependencies before installing in production.
Credentials
Declared optional env vars (SUPABASE_URL, SUPABASE_KEY, LOBSTER_STORAGE) are appropriate for a Supabase backend. However: (1) SKILL.md suggests SUPABASE_KEY may be anon or service-role — using a Supabase service-role key grants broad DB privileges and is risky for logging endpoints; do not supply a service-role key unless you understand the implications. (2) README references DASHBOARD_PASSWORD for the example dashboard but SKILL.md does not list it — an interface/contract mismatch. (3) Instrumentation can capture tool calls and reasoning traces which frequently include secrets; the PII filtering is helpful but may not catch all formats. These factors make credential and secret handling the primary risk area.
Persistence & Privilege
The skill is not marked always:true and does not request elevated agent/system privileges in the manifest. It stores data locally by default (JSON/SQLite) and only sends data off-host if you explicitly configure Supabase. The skill does reference OpenClaw's config path for its configuration ('.openclaw/workspace/config/lobsterops.json'), which is expected for an OpenClaw skill but means it will read that workspace-scoped configuration file.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install lobsterops
  3. After installation, invoke the skill by name or use /lobsterops
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.3
No user-visible changes in this release. - Version bump only; no file or documentation changes detected.
v1.0.2
- Removed the sample file: examples/dashboard-server.js - No other user-facing changes.
v1.0.1
No changes detected in this version. - Version update only; no code or documentation changes. - Safe to upgrade with no impact on functionality or configuration.
v1.0.0
Initial release of LobsterOps — an observability and debug console skill for AI agents. - Adds structured logging for agent thoughts, tool usage, decisions, errors, and lifecycle events. - Provides a queryable event log, time-travel debug console, and behavioral analytics. - Supports alerts for anomalies like cost spikes or repeated failures. - Offers configurable PII filtering and retention policies for secure logging. - Flexible storage options: JSON (default), SQLite, or Supabase for team/cloud use. - Configure via openclaw.json skills entries or environment variables.
Metadata
Slug lobsterops
Version 1.0.3
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 4
Frequently Asked Questions

What is LobsterOps?

AI Agent Observability & Debug Console - flight recorder and debug console for autonomous AI systems. It is an AI Agent Skill for Claude Code / OpenClaw, with 213 downloads so far.

How do I install LobsterOps?

Run "/install lobsterops" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is LobsterOps free?

Yes, LobsterOps is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does LobsterOps support?

LobsterOps is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created LobsterOps?

It is built and maintained by Noel DeLisle (@noeldelisle); the current version is v1.0.3.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments