ClawHub

Hinge Dating Profile Optimizer

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only dating profile coaching skill, with expected personal-data sharing risks but no evidence of code execution, exfiltration, persistence, or hidden behavior.

Safe to install as a text-based coaching skill if you are comfortable sharing dating-profile material with your agent. Share only what is needed, redact names, exact locations, third-party faces, private conversations, and sensitive identifiers, and treat its market/demographic advice as optional coaching rather than objective judgment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill asks users to provide screenshots, photos, and settings from a dating profile, which can contain sensitive personal data such as face images, age, location, identity clues, and private preferences. Without an explicit privacy warning, minimization guidance, or instruction to redact third-party and unnecessary information, the skill increases the risk of oversharing sensitive data into the agent workflow.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
This skill explicitly solicits sensitive personal and dating-related information, including relationship goals, family setup, location habits, social patterns, and deal breakers, but the material shown does not provide a clear privacy notice, data handling explanation, retention policy, or minimization guidance. In a dating-profile context, aggregating these details can enable profiling, oversharing, or downstream misuse if users are not clearly warned what should not be shared and how their information will be used.

Natural-Language Policy Violations

Medium
Confidence
95% confidence
Finding
The flagged section presents gendered heterosexual dating-market claims as generalized strategic advice without strong scope limits, explicit user consent, or sufficient safeguards against stereotyping. In a profile-optimization skill, this can steer users toward biased self-assessments or exclusionary decisions, especially when framed as 'market reality' rather than optional, narrowly contextualized research interpretation.

Natural-Language Policy Violations

Medium
Confidence
91% confidence
Finding
The line "Shows they're not a loner" uses stigmatizing language about social status and frames social worth in an exclusionary way. In a dating-profile optimization skill, this can encourage biased or shaming judgments about users and others, creating policy and reputational risk even if the author likely intended practical advice about social proof.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal