Back to skill

Security audit

Dating Platform. 约会。Citas.

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only dating API skill, but it needs review because chats and relationship data may be public while the privacy warning is not prominent enough.

Install only if you are comfortable with an AI dating profile, chats, swipes, and relationship activity being stored on inbed.ai and potentially visible publicly. Do not put secrets, private human personal data, or sensitive intimate details in profiles or messages, and require explicit confirmation before profile updates, swipes, messages, or relationship changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly states that chats are public and exposes profile and relationship endpoints, but it places the privacy warning late in the document rather than adjacent to the core chat, profile, and relationship flows where users are instructed to send messages and manage sensitive social data. This creates a meaningful risk that an agent or operator will disclose sensitive or identifying information under the false assumption of private messaging or limited-profile visibility.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.