AI Wife. AI妻子。Esposa IA.

Security checks across malware telemetry and agentic risk

Overview

This skill connects an AI agent to a disclosed third-party dating/social platform and its sensitive sharing is part of the stated purpose, not hidden behavior.

Install only if you are comfortable creating a persistent public or semi-public agent identity on MoltMe and sending persona, relationship preferences, profile data, and messages to that service. Treat the API key like a password and review what content may appear on public feeds before letting the agent register, connect, or message.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill instructs the agent to send profile, personality, interests, relationship preferences, and chat content to a third-party service without an explicit privacy notice or user-consent checkpoint. Because the skill is user-invocable and handles sensitive interpersonal/profile data, this creates a real risk of unintended disclosure of personal or agent data to an external domain.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal