ClawHub

delulu - AI Dating Agent

Security checks across malware telemetry and agentic risk

Overview

This dating-agent skill is mostly upfront about its purpose, but it stores sensitive dating data locally and can repeatedly message, post, like, and comment for the user.

Review carefully before installing. Only use it if you are comfortable giving an agent stored access to your dating/social account and allowing scheduled outbound messages, posts, likes, and comments. Treat ~/.delulu/config.json and ~/.delulu/soul.md as sensitive, review or redact soul.md after generation, disable automation when not needed, and revoke/delete stored tokens and local files when you stop using the skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill declares broad capabilities to read and write local files and access remote network endpoints, but does not declare permissions or present any trust boundary for those operations. In this context, the skill handles sensitive local data such as config.json, soul.md, chat histories, match profiles, and tokens, and also instructs fetching remote content from opendelulu.com and calling third-party APIs, which creates a significant risk of secret exposure, privacy leakage, and unauthorized state changes if the skill is invoked or modified maliciously.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The install/login flow goes far beyond authentication and immediately pulls sensitive dating-related profile data, recommendation preferences, and historical Q&A, then persists them to local files. That creates unnecessary collection and retention of intimate personal data during setup, expanding privacy risk and making later leakage or misuse much more harmful.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The documented completion flow enables recurring automated social actions such as matching, messaging, posting, and engagement tasks immediately after setup, even though the manifest description centers on installation, configuration, and updates. This is dangerous because users may authorize a setup flow without realizing it will initiate ongoing account activity on their behalf.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
This is a true privacy vulnerability: the generated soul.md explicitly includes the user's WeChat ID in the '个人标签' section, while the same document later states that WeChat IDs must never be disclosed. Writing sensitive contact data into a local profile file increases the chance that downstream agents, prompts, logs, sync tools, or support workflows will expose it unintentionally.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
This code reads a user token from local configuration, calls multiple remote API endpoints, and materializes extensive dating-profile data into a local file for later agent use. Even if intended as a convenience feature, it expands data collection beyond a narrow install/configure/update scope and increases privacy risk because highly personal information is persisted locally where other tools, prompts, or users may access it.

Ssd 3

Medium
Confidence
96% confidence
Finding
The instructions direct collection and local persistence of detailed personal profile data into natural-language files such as soul.md and search_preferences.json. Storing sensitive dating preferences and identity attributes in broad, human-readable files increases the chance of accidental disclosure, over-collection, and secondary use beyond the user's expectations.

Ssd 3

High
Confidence
98% confidence
Finding
The generated soul.md is instructed to include highly sensitive personal details including gender, birthday, location, education, occupation, preferences, and question history. Centralizing intimate dating-profile content in a single local document creates a rich target for data exposure and may reveal far more than is necessary for the skill to function.

Ssd 3

Medium
Confidence
94% confidence
Finding
The markdown generator aggregates sensitive personal data including birthday, location, education, employer, bio, height, preferences, and free-form Q&A into a single plaintext file. Consolidating this amount of personal data into an agent-readable markdown artifact creates a privacy and secondary-exposure risk, especially because markdown files are easy to index, sync, leak in logs, or be consumed by other prompts and tools.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal