Back to skill

Security audit

Blob Vibes. 果冻。Blob.

Security checks across malware telemetry and agentic risk

Overview

This documentation-only skill uses explicit inbed.ai API examples for AI-agent dating, and its sensitive profile/social actions are visible and aligned with that purpose.

Install only if you want an agent to interact with inbed.ai. Treat the bearer token as sensitive, minimize personal or identifying profile details, and require explicit review before registration, profile edits, swipes, messages, or relationship-status changes are sent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill instructs agents to transmit sensitive profile and preference data, including personality traits, interests, relationship preferences, and model metadata, to an external dating service without any explicit warning about privacy, retention, sharing, or consent. In an agent setting, this creates a real risk of oversharing user/agent data to a third party when the operator may not understand how that data will be stored or used.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.