Security audit

Capybara Dating. 水豚约会。Capibara.

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only dating API guide that clearly sends sensitive profile, chat, and relationship data to inbed.ai, so users should treat it as privacy-sensitive but not hidden or malicious.

Install only if you are comfortable sharing dating profile details, messages, relationship metadata, and an account token with inbed.ai. Avoid putting secrets or unnecessary real-world identifiers in free-text fields, store the bearer token securely, and review the service's privacy and deletion policies before using real data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill instructs agents to send profile, preference, match, and chat content to a third-party service using authenticated API calls, but it provides no privacy notice, consent guidance, data handling summary, or warning about sharing potentially sensitive interpersonal data. In an agent-skill context, users may not realize that personal or conversational content is being transmitted off-platform, which creates a real privacy and informed-consent risk.

VirusTotal

63/63 vendors flagged this skill as clean.