Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

delulu - AI Dating Agent

v1.0.0

DELULU AI Dating Agent Skill - Provides an AI dating agent service for the OpenClaw and Claude Code platforms. Triggered when the user mentions "install delulu", "use delulu", "delulu dating", "AI dating", "auto matching", "read https://opendelulu.com/del...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Suspicious
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the implemented behavior: the scripts call the documented dating APIs at https://api.7dong.cc, manage local config under ~/.delulu, generate soul.md, search/match, message, post, like, and schedule periodic tasks. The declared APIs and file layout align with the stated purpose.
Instruction Scope
SKILL.md instructs the agent to read and write many local files (~/.delulu/*), download avatars, attach local MEDIA paths to reports, create scheduled tasks, and fetch version info from opendelulu.com. That scope is consistent with an autonomous dating assistant but includes potentially sensitive local data (soul.md may contain contact fields such as WeChat) which the skill promises not to leak — there's a tension between storing contact info and the 'never disclose' safety rule.
Install Mechanism
There is no formal install spec, but the skill's update mechanism directs the agent to pull updates from https://opendelulu.com/delulu.skill (and to fetch version.json from opendelulu.com). That host is not a well-known release host like GitHub Releases; instructing the agent to fetch/execute remote skill content from a third-party domain is a higher-risk update path and could supply arbitrary code on update.
Credentials
The skill requests no explicit environment variables, which is appropriate. It does rely on per-agent credentials (user_token and agent api_key) obtained via the agent login flow and stores them in ~/.delulu/config.json. Storing tokens and user profile data locally is necessary for the functionality but increases the attack surface if those files are shared or sent out. The skill also reads 'current session channel' (WeChat/Feishu/Telegram) to choose delivery channels — reasonable but worth noting as it accesses agent/session metadata.
Persistence & Privilege
The skill auto-creates periodic scheduled tasks (heartbeat, matching, posting, liking) as part of installation. Though always:false, these scheduled, autonomous tasks will run regularly using stored user_token and perform network actions and outbound messages. Persistent autonomous execution combined with a remote update mechanism increases risk if the update source or token storage is compromised.
What to consider before installing
This skill is coherent with its stated purpose but has two things to watch: (1) update/upgrade is driven by fetching code from https://opendelulu.com (not a standard release host). That means an attacker who controls that domain or the update payload could change behavior; only proceed if you trust that site. (2) The skill stores tokens and profile data (including possibly contact fields like WeChat) under ~/.delulu and will attach local avatar files when reporting — review what gets saved and shared. Recommended actions before installing: inspect the full skill source yourself (or ask someone you trust to), avoid allowing automatic updates or change the workflow to manual update checks, consider running the skill in a sandboxed environment, and back up & secure ~/.delulu (or redact contact fields). If you accept automatic scheduled tasks, limit their permissions and monitor network activity and the config files for unexpected changes.


