Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Hinge Agent - Barney Stinson
v1.0.0
Operate an already-open Hinge session in the browser or on iPhone to review profiles, triage the queue, analyze matches, draft respectful openers or replies, ...
⭐ 1 · 183 · 0 current · 0 all-time
by Dave Jaga (@jdave211)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
Name/description (live Hinge automation, drafting replies, iOS Appium control, and AI analysis) match the included scripts: Appium helpers, Hinge-specific controls, queue management, AI analysis, and a daemon. The presence of OpenAI integration and Appium control is expected for the stated purpose.
Instruction Scope
SKILL.md bounds runtime behavior (no bulk scraping; ask before changing account state unless autonomous sending is explicitly enabled). It instructs the agent to read the app view hierarchy and screenshots and to persist a runtime state directory (hinge-data/), all consistent with live automation. The daemon/observe warmup that records user behavior and learns chat style is expected for personalization, but it means the skill will capture user-typed content and session snapshots into hinge-data/, which is sensitive.
Install Mechanism
Instruction-only, with no install spec (no external downloads). All code is bundled in the skill; no remote install URLs or extract steps are declared, which is the lower-risk model: everything that will run is already on disk and can be inspected before use.
Credentials
The skill declares no required env vars, but multiple scripts try to read environment variables and local config files for convenience (OPENAI_API_KEY, APPIUM_SERVER/APPIUM_SESSION_ID, IOS_UDID/APPIUM_XCODE_*). Notably the code attempts to discover an OpenAI API key by scanning for openclaw.json in parent directories (and will set process.env.OPENAI_API_KEY if found). While this helps operation, it means the skill will search outside its workspace for API keys and automatically load them — a broader filesystem access pattern than a user might expect and a potential surprise if secrets are stored elsewhere.
Persistence & Privilege
The always flag is false (good). The skill includes a daemon (hinge-agent-daemon.js) and scripts that persist session state to hinge-data/ (queue, observations, taste model). Autonomous invocation is allowed by default (platform standard). Because the skill can be configured to auto-send likes and replies, be cautious about enabling autonomous sending; combined with the daemon/observe behavior it increases the blast radius if misused.
What to consider before installing
This skill appears to do what it says (drive Hinge via Appium and use an LLM for messages) but has a few things to consider before installing:
- Secrets discovery: the scripts will try to automatically find an OpenAI API key by reading openclaw.json in parent directories and will set OPENAI_API_KEY if found. If you keep API keys or other secrets in nearby folders, the skill may pick them up. Prefer providing an explicit OPENAI_API_KEY in the environment for the process you control, and avoid leaving keys in unrelated directories.
- Data captured: the agent records session snapshots, screenshots, observation logs, and typed message examples into hinge-data/. Treat hinge-data/ as sensitive; do not bundle it when publishing and review its contents before sharing.
- Autonomous actions: the skill supports autonomous sending (likes, comments, replies) when explicitly enabled. Only enable that after you’ve tested the workflow in a safe mode (like_only) and reviewed the mode policy via onboarding.js (--list-agent-modes / --set-agent-mode).
- Local device access: iOS automation requires Appium, Xcode signing settings, device UDID, etc. These are necessary but mean the skill will talk to a local Appium server and the attached device; confirm you trust the code before granting those connections.
- Audit if unsure: if you have any concerns, inspect the bundled scripts (hinge-ai.js, hinge-ios.js, discover-autopilot.js, hinge-agent-daemon.js) locally to confirm they only call Appium/local endpoints and OpenAI. If you do not want the skill to search for keys, run it with OPENAI_API_KEY explicitly set and run from an isolated workspace.
If you accept the above and run in a controlled environment (dedicated workspace, explicit API key, no autonomous sending until tested), the behavior is coherent with its purpose. If you cannot or do not want the skill to read local config files for keys or capture typed examples, treat this as a red flag and do not install or run it.

Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing. The scanner reports each finding under two paths, clawhub-upload/barney/scripts/ and scripts/, at the same line numbers.

Shell command execution detected (child_process):
- clawhub-upload/barney/scripts/discover-autopilot.js:182
- clawhub-upload/barney/scripts/hinge-agent-daemon.js:289
- clawhub-upload/barney/scripts/hinge-ai.js:272
- scripts/discover-autopilot.js:182
- scripts/hinge-agent-daemon.js:289
- scripts/hinge-ai.js:272

Environment variable access combined with network send:
- clawhub-upload/barney/scripts/appium-ios.js:19
- clawhub-upload/barney/scripts/hinge-agent-daemon.js:187
- clawhub-upload/barney/scripts/hinge-ai.js:84
- clawhub-upload/barney/scripts/hinge-ios.js:20
- scripts/appium-ios.js:19
- scripts/hinge-agent-daemon.js:187
- scripts/hinge-ai.js:84
- scripts/hinge-ios.js:20

File read combined with network send (possible exfiltration):
- clawhub-upload/barney/scripts/hinge-agent-daemon.js:205
- clawhub-upload/barney/scripts/hinge-ai.js:326
- scripts/hinge-agent-daemon.js:205
- scripts/hinge-ai.js:326
latest: vk97dphm6w5b5c7e3dkn77esr4n82rpby
