功能描述

AI Agent Observability & Debug Console - flight recorder and debug console for autonomous AI systems

使用说明 (SKILL.md)

LobsterOps Skill

Name: LobsterOps
Author: noeldelisle

AI Agent Observability & Debug Console. A lightweight, flexible "black box flight recorder" and debug console for AI agents. Automatically captures agent thoughts, tool calls, decisions, errors, spawning events, and lifecycle transitions.

Core Tasks

"Log my agent activity to LobsterOps" - Initialize LobsterOps and begin recording agent events with structured logging
"Show me what my agent did" - Query the event log and display a chronological trace of agent activity
"Debug my agent's last session" - Use the debug console to step through agent execution with time-travel debugging
"Analyze my agent's behavior patterns" - Run behavioral analytics to detect loops, failure patterns, and performance trends
"Set up alerts for my agent" - Configure alerting rules for cost spikes, repeated failures, or anomalous behavior
"Export my agent logs" - Export events to JSON, CSV, or Markdown format for sharing or auditing

Environment Variable Contract

Variable	Required	Description
`LOBSTER_STORAGE`	No	Storage backend type: `json`, `memory`, `sqlite`, or `supabase` (default: `json`)
`SUPABASE_URL`	If using supabase	Supabase project URL
`SUPABASE_KEY`	If using supabase	Supabase anon or service role key

Configuration

LobsterOps uses OpenClaw's config system. Place configuration at .openclaw/workspace/config/lobsterops.json:

{
  "enabled": true,
  "storageType": "json",
  "storageConfig": {
    "dataDir": "./agent-logs",
    "maxAgeDays": 30
  },
  "piiFiltering": {
    "enabled": true,
    "patterns": ["email", "phone", "ssn", "creditCard", "ipAddress", "apiKey"]
  },
  "alerts": {
    "enabled": true,
    "rules": []
  }
}

Storage Backend Options

JSON Files (default, zero-config):

{ "storageType": "json", "storageConfig": { "dataDir": "./agent-logs" } }

SQLite (lightweight production):

{ "storageType": "sqlite", "storageConfig": { "filename": "./lobsterops.db" } }

Supabase (cloud, team collaboration):

{
  "storageType": "supabase",
  "storageConfig": {
    "supabaseUrl": "https://your-project.supabase.co",
    "supabaseKey": "your-anon-key"
  }
}

Security & Guardrails

LobsterOps includes built-in PII filtering that automatically redacts emails, phone numbers, SSNs, credit card numbers, IP addresses, and API keys from logged events
All data is stored locally by default (JSON files or SQLite) - no data leaves the machine unless Supabase is explicitly configured
The Supabase backend requires explicit URL and key configuration - credentials are never inferred or auto-discovered
Event retention policies automatically clean up old data based on configurable age limits
LobsterOps never modifies agent behavior - it is strictly read-only observation

Troubleshooting

"Cannot find module 'sqlite3'": Run npm install sqlite3 - only needed if using SQLite backend
"Supabase table does not exist": Create the required table in your Supabase dashboard using the DDL provided in the error message
Events not appearing: Ensure enabled: true in config and that await ops.init() has been called
High disk usage: Reduce maxAgeDays in storage config or run await ops.cleanupOld() manually
PII still visible in logs: Check that piiFiltering.enabled is true and the relevant pattern types are listed

安全使用建议

What to check before installing or enabling LobsterOps: - Review and test locally first: the package includes source code and npm dependencies; run it in an isolated/dev environment before enabling in production. - Supabase = remote logs: if you configure SUPABASE_URL / SUPABASE_KEY, events will leave your machine. Never provide a Supabase service-role key unless you accept full DB privileges; prefer an anon key scoped appropriately. - Instrumentation scope: features like captureToolCalls, captureReasoningTraces, captureFileChanges and captureGitOps can record sensitive data (secrets, API keys, code, or PII). Keep file/git capture disabled unless you intentionally need it, and review the OpenClawInstrumentation and PIIFilter code to confirm what is redacted and how. - PII filtering is helpful but not guaranteed: examine src/core/PIIFilter.js and test it against your actual data formats to ensure it redacts the secrets and patterns you care about. - Dashboard deployment notes: README asks you to set DASHBOARD_PASSWORD in Replit secrets for the example dashboard, but SKILL.md's env table doesn't mention it — confirm all required secrets/envs before deploying the dashboard publicly. - Dependency hygiene: dependencies are from npm (no obscure download URLs), but review package-lock and run vulnerability scans if you plan to deploy broadly. If you want a safer rollout: use JSON or local SQLite storage (no network egress), keep instrumentation defaults (file/git capture) off, validate PIIFilter behavior, and only enable remote Supabase storage after auditing keys and access controls.

功能分析

Type: OpenClaw Skill Name: lobsterops Version: 1.0.3 LobsterOps is a legitimate observability and debugging framework for AI agents, providing structured logging, behavioral analytics, and PII redaction. The codebase is well-structured, includes a comprehensive test suite (tests/LobsterOps.test.js), and aligns perfectly with its stated purpose of acting as a 'flight recorder' for autonomous systems. While it includes capabilities to hook into sensitive events like file changes and git operations (src/core/OpenClawInstrumentation.js) and supports remote storage via Supabase (src/storage/SupabaseStorage.js), these features are opt-in and require explicit user configuration. No evidence of malicious intent, unauthorized data exfiltration, or prompt injection attacks was found.

能力评估

✓ Purpose & Capability

Name/description (AI agent observability and debug console) match the code and instructions: core classes, storage backends (json, sqlite, supabase), exporter, analytics, and instrumentation are present. Requiring only 'node' as a binary is appropriate for a Node.js library. The optional SUPABASE_URL / SUPABASE_KEY env vars listed in SKILL.md are expected for the Supabase backend.

ℹ Instruction Scope

SKILL.md and examples instruct the agent to capture and persist reasoning traces, tool calls, lifecycle events and (optionally) file changes and git ops. Capturing tool inputs/outputs and reasoning traces is consistent with the stated purpose, but this is sensitive: those traces often contain secrets, API keys, or PII. The skill claims built-in PII filtering and that file/git capture is opt-in (defaults to off) which mitigates risk if followed. There's a small documentation mismatch: README/Deploy instructions reference a DASHBOARD_PASSWORD secret for the example dashboard, but SKILL.md's Environment Variable Contract doesn't list DASHBOARD_PASSWORD — this is an inconsistency you should confirm before deploying the dashboard.

ℹ Install Mechanism

Registry metadata says 'no install spec' (instruction-only), but the package includes package.json and many source files and a package-lock (npm dependencies: @supabase/supabase-js, express, sqlite3, etc.). There is no risky external download URL; dependencies come from npm — standard but you will need to install them (npm install) to run features like the dashboard or SQLite backend. Because there is code included, you should run it in a controlled environment and review dependencies before installing in production.

⚠ Credentials

Declared optional env vars (SUPABASE_URL, SUPABASE_KEY, LOBSTER_STORAGE) are appropriate for a Supabase backend. However: (1) SKILL.md suggests SUPABASE_KEY may be anon or service-role — using a Supabase service-role key grants broad DB privileges and is risky for logging endpoints; do not supply a service-role key unless you understand the implications. (2) README references DASHBOARD_PASSWORD for the example dashboard but SKILL.md does not list it — an interface/contract mismatch. (3) Instrumentation can capture tool calls and reasoning traces which frequently include secrets; the PII filtering is helpful but may not catch all formats. These factors make credential and secret handling the primary risk area.

✓ Persistence & Privilege

The skill is not marked always:true and does not request elevated agent/system privileges in the manifest. It stores data locally by default (JSON/SQLite) and only sends data off-host if you explicitly configure Supabase. The skill does reference OpenClaw's config path for its configuration ('.openclaw/workspace/config/lobsterops.json'), which is expected for an OpenClaw skill but means it will read that workspace-scoped configuration file.

版本历史

v1.0.3

No user-visible changes in this release. - Version bump only; no file or documentation changes detected.

v1.0.2

- Removed the sample file: examples/dashboard-server.js - No other user-facing changes.

v1.0.1

No changes detected in this version. - Version update only; no code or documentation changes. - Safe to upgrade with no impact on functionality or configuration.

v1.0.0

Initial release of LobsterOps — an observability and debug console skill for AI agents. - Adds structured logging for agent thoughts, tool usage, decisions, errors, and lifecycle events. - Provides a queryable event log, time-travel debug console, and behavioral analytics. - Supports alerts for anomalies like cost spikes or repeated failures. - Offers configurable PII filtering and retention policies for secure logging. - Flexible storage options: JSON (default), SQLite, or Supabase for team/cloud use. - Configure via openclaw.json skills entries or environment variables.

元数据

Slug lobsterops

版本 1.0.3

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 4

常见问题

LobsterOps 是什么？

AI Agent Observability & Debug Console - flight recorder and debug console for autonomous AI systems. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 213 次。

如何安装 LobsterOps？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install lobsterops」即可一键安装，无需额外配置。

LobsterOps 是免费的吗？

是的，LobsterOps 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

LobsterOps 支持哪些平台？

LobsterOps 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 LobsterOps？

由 Noel DeLisle（@noeldelisle）开发并维护，当前版本 v1.0.3。

LobsterOps