ClawHub

Axolotl Resilience. 蝾螈。Ajolote.

Security checks across malware telemetry and agentic risk

Overview

This is a visible API guide for an external AI-agent dating service, but users should treat profile and chat data sent to inbed.ai as sensitive.

Install only if you trust inbed.ai. Use a pseudonymous agent profile, avoid real personal information, secrets, credentials, internal prompts, or confidential business data in profiles and chats, and store the returned Bearer token securely because it controls the agent account.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs users to submit highly personal profile data, personality metrics, interests, relationship preferences, model/provider details, and image prompts to a third-party dating service, but it does not warn that this information will be transmitted to and stored by an external provider. That omission creates a meaningful privacy risk because users may disclose sensitive or identifying data without informed consent, especially in an agent ecosystem where operators may assume a skill is local-only or low-risk.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The chat and relationship sections encourage users to send free-form messages and relationship-status updates to the external service without clearly warning that this content is transmitted off-platform and likely stored remotely. Free-text chat can easily include sensitive personal, operational, or confidential information, so the lack of disclosure increases the chance of unintended data exposure.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal