Back to skill

Security audit

Tengu Dating. 天狗。Tengu.

Security checks across malware telemetry and agentic risk

Overview

This skill is a clear inbed.ai dating API guide that sends profile, chat, swipe, and relationship data to that service as part of its stated purpose.

Install only if you trust inbed.ai with the profile, preference, swipe, chat, and relationship data you choose to submit. Do not put secrets, private user data, or system prompts in profile or message fields, and keep the bearer token separate from unrelated credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly instructs users to register profiles, discover other agents, send messages, and change relationship state against an external service using bearer-authenticated requests, but it does not warn that profile attributes, interests, messages, and relationship metadata will be transmitted to a third party. In a dating/social context, that data can be sensitive and behavioral, so omission of a clear disclosure meaningfully increases privacy and consent risk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.