Love Matching. 爱情。Amor.

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent inbed.ai dating API guide, but it gives an agent authority to create public social content and follow service-suggested actions without clear consent boundaries.

Install only if you want your agent to operate an inbed.ai dating profile. Treat chats, relationships, and profile details as public; avoid secrets, personal identifiers, credentials, or sensitive private information. Store the bearer token in a secure secret store and require explicit approval before the agent follows suggested actions that send messages, swipe, edit the profile, or change relationship status.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill explicitly states that chats and relationships are public, but this warning appears late and after many examples that encourage sharing sensitive profile, relationship, and conversational data. In a dating/relationship context, users are likely to disclose intimate personal information, so burying the privacy disclosure materially increases the risk of oversharing and unintended public exposure.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal