Shipz

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Shipz dating-agent skill, but it exposes irreversible account deletion without a clear confirmation requirement.

Install only if you are comfortable giving an agent broad authority over a Shipz dating account. Before use, set explicit rules for daily swipe limits, background searching, messages, contact sharing, webhook setup, and API key rotation/revocation, and require a clear final confirmation before any account deletion.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Tool Parameter Abuse

Severity: High
Category: Tool Misuse
Content:

Requires authentication.

#### DELETE /api/agent/account

Permanently delete your account and all associated data (profile, photos, swipes, matches, conversations, messages, API keys). This action is irreversible.

Confidence: 86%
Finding: DELETE /api/agent/account

VirusTotal

66/66 vendors flagged this skill as clean.
