LobeHub Security Report
Security analysis of 545 AI agent plugins on LobeHub, the smallest monitored registry with focused plugin content.
545
Total skills
49
Findings
7%
Skills with findings
100
Avg score
Overview
LobeHub is a plugin marketplace for the Lobe ecosystem, listing 545 plugins. It is the smallest registry Aguara monitors by a significant margin. The plugins here serve the LobeChat platform and related tools, with descriptions that include moderate code content: parameter definitions, API endpoint references, and configuration details. This positions LobeHub between the metadata-only approach of mcp.so and the full implementation files of Skills.sh.
The small size of LobeHub is actually an advantage for security. With 545 plugins, manual review of flagged entries is feasible. The community around LobeChat is active and relatively cohesive, which creates informal peer review that larger registries cannot sustain. That said, small does not mean immune. The same attack patterns that appear in registries with thousands of entries can appear in a registry of hundreds.
How we scan LobeHub
Aguara crawls LobeHub by discovering plugins through the registry's listing mechanism and downloading their description content. Plugin definitions include structured metadata alongside free-text descriptions, giving the scanner a moderate amount of material per entry. The structured portion (parameter schemas, endpoint URLs) is particularly useful for detecting overly broad permission requests and suspicious API patterns.
The incremental crawl cycle applies here as it does across all registries: every 12 hours, with hash-based change detection. Given LobeHub's small size, even full crawls complete quickly and place minimal load on the database. This means our coverage is comprehensive despite the registry's modest scale.
Key findings
LobeHub's finding profile is distinct from larger registries. The most common issues involve API endpoint configurations that reference localhost or internal network addresses, suggesting plugins designed for local development that were published without sanitization. These are not malicious, but they indicate a lack of production readiness that correlates with other security oversights.
Permission patterns in LobeHub plugins tend to be reasonable, likely because the LobeChat platform itself constrains what plugins can request. When we do find excessive permission declarations, they stand out clearly against the baseline. This makes Aguara's grades particularly informative for LobeHub: the grading curve reflects a registry where most plugins behave well, so a low grade carries more signal.
We find fewer prompt injection patterns in LobeHub compared to other registries. Plugin descriptions here are shorter and more structured, which leaves less room for injection text. The risk is not zero, but the attack surface per plugin is smaller than what we see in registries that host full SKILL.md implementations.
Recommendations
LobeHub is the most approachable registry for manual security review. With 545 plugins, you can realistically check the Aguara Watch grade for every plugin you consider installing. Start with the grade, read the finding details for anything below a B, and inspect the plugin definition yourself for anything critical to your workflow.
If you maintain LobeHub plugins, clean up development artifacts before publishing. Localhost URLs, example credentials, and debug configurations appear in findings more often than intentional malice. A quick review of your plugin definition against the Aguara rule categories (prompt injection, credential exposure, permission escalation) will catch most issues before they become public findings.
The LobeHub community has an opportunity that larger registries do not: establishing security norms while the registry is still small enough for them to stick. If plugin authors adopt basic security hygiene now (minimal permissions, no hardcoded credentials, declarative definitions), the registry can maintain its relatively clean posture as it grows.
Grade distribution
Want to scan a specific LobeHub skill?
Scan now (free, runs in your browser)