Lobster (plugin)
Adds the lobster agent tool as an optional plugin tool.
What this is
- Lobster is a standalone workflow shell (typed JSON-first pipelines + approvals/resume).
- This plugin integrates Lobster with Clawdbot without core changes.
Enable
Because this tool can trigger side effects (via workflows), it is registered with optional: true.
Enable it in an agent allowlist:
{
"agents": {
"list": [
{
"id": "main",
"tools": {
"allow": [
"lobster" // plugin id (enables all tools from this plugin)
]
}
}
]
}
}
Using clawd.invoke (Lobster → Clawdbot tools)
Some Lobster pipelines may include a clawd.invoke step to call back into Clawdbot tools/plugins (for example: gog for Google Workspace, gh for GitHub, message.send, etc.).
For this to work, the Clawdbot Gateway must expose the tool bridge endpoint and the target tool must be allowed by policy:
- Clawdbot provides an HTTP endpoint:
POST /tools/invoke. - The request is gated by gateway auth (e.g.
Authorization: Bearer …when token auth is enabled). - The invoked tool is gated by tool policy (global + per-agent + provider + group policy). If the tool is not allowed, Clawdbot returns
404 Tool not available.
Allowlisting recommended
To avoid letting workflows call arbitrary tools, set a tight allowlist on the agent that will be used by clawd.invoke.
Example (allow only a small set of tools):
{
"agents": {
"list": [
{
"id": "main",
"tools": {
"allow": [
"lobster",
"web_fetch",
"web_search",
"gog",
"gh"
],
"deny": ["gateway"]
}
}
]
}
}
Notes:
- If
tools.allowis omitted or empty, it behaves like "allow everything (except denied)". For a real allowlist, set a non-emptyallow. - Tool names depend on which plugins you have installed/enabled.
Security
- Runs the
lobsterexecutable as a local subprocess. - Does not manage OAuth/tokens.
- Uses timeouts, stdout caps, and strict JSON envelope parsing.
- Prefer an absolute
lobsterPathin production to avoid PATH hijack.