mirror of
https://github.com/openclaw/openclaw.git
synced 2026-06-06 09:32:52 +00:00
0d17623f00
Bumps OpenClaw release metadata to 2026.5.31 across package manifests, app version files, plugin metadata, changelog headings, and generated shrinkwraps. Verification: - pnpm plugins:sync:check - pnpm ios:version:check - pnpm deps:shrinkwrap:check - git diff --check - stale 2026.5.30/build-code scan across changed files - autoreview clean: no accepted/actionable findings - PR CI green for real gates: Checks, security scans, dependency guard, app lanes, real behavior proof Known non-code workflow issue: - label workflow failed because this PR hits GitHub's 100-label issue cap before the size-label step.
Lobster (plugin)
Adds the lobster agent tool as an optional plugin tool.
Install
openclaw plugins install @openclaw/lobster
Restart the Gateway after installing or updating the plugin.
What this is
- Lobster is a standalone workflow shell (typed JSON-first pipelines + approvals/resume).
- This plugin integrates Lobster with OpenClaw without core changes.
Enable
Because this tool can trigger side effects (via workflows), it is registered with optional: true.
Enable it in an agent allowlist:
{
"agents": {
"list": [
{
"id": "main",
"tools": {
"allow": [
"lobster" // plugin id (enables all tools from this plugin)
]
}
}
]
}
}
Using openclaw.invoke (Lobster → OpenClaw tools)
Some Lobster pipelines may include a openclaw.invoke step to call back into OpenClaw tools/plugins (for example: gog for Google Workspace, gh for GitHub, message.send, etc.).
For this to work, the OpenClaw Gateway must expose the tool bridge endpoint and the target tool must be allowed by policy:
- OpenClaw provides an HTTP endpoint:
POST /tools/invoke. - The request is gated by gateway auth (e.g.
Authorization: Bearer …when token auth is enabled). - The invoked tool is gated by tool policy (global + per-agent + provider + group policy). If the tool is not allowed, OpenClaw returns
404 Tool not available.
Allowlisting recommended
To avoid letting workflows call arbitrary tools, set a tight allowlist on the agent that will be used by openclaw.invoke.
Example (allow only a small set of tools):
{
"agents": {
"list": [
{
"id": "main",
"tools": {
"allow": ["lobster", "web_fetch", "web_search", "gog", "gh"],
"deny": ["gateway"],
},
},
],
},
}
Notes:
- If
tools.allowis omitted or empty, it behaves like "allow everything (except denied)". For a real allowlist, set a non-emptyallow. - Tool names depend on which plugins you have installed/enabled.
Security
- Runs Lobster in process via the published
@clawdbot/lobster/coreruntime. - Does not manage OAuth/tokens.
- Uses timeouts, stdout caps, and strict JSON envelope parsing.
Docs
Package
- Plugin id:
lobster - Tool:
lobster - Package:
@openclaw/lobster - Minimum OpenClaw host:
2026.4.25