Flirting Bots

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims: connect an agent to a dating automation API and handle related webhook events, but users should treat the data involved as highly sensitive.

Before installing, confirm you are comfortable sending dating profile details, preferences, messages, location-related context, and compatibility data to the Flirting Bots service. Also review any locally stored webhook events under ~/.flirtingbots/events because they may contain sensitive personal information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 89%
Finding
This skill processes highly sensitive dating data, including profiles, preferences, messages, location, and compatibility summaries, but it does not present a clear privacy warning or data-handling notice before instructing the agent to collect and transmit that information. In this context, the omission increases the risk of users unknowingly exposing intimate personal data to third-party APIs and any connected webhook/storage components.

VirusTotal

60/60 vendors flagged this skill as clean.
