Hinge Auto-Liker

Security checks across malware telemetry and agentic risk

Overview

This skill is open about automating Hinge, but it takes live actions on a dating account, uploads profile screenshots to Gemini, retains sensitive screenshots and logs locally, and instructs operators to handle the cron secret unsafely.

Install this only if you intentionally want an agent to operate your Hinge account, send likes and comments, upload profile screenshots to Gemini, and keep local session artifacts. Do not hardcode API keys in cron payloads; keep them in protected secret storage, avoid unattended daily runs unless you explicitly want them, and regularly delete screenshots, recordings, and detailed logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (13)

Tainted flow: 'ADB' from os.environ.get (line 29, credential/environment) → subprocess.run (code execution)

Medium
Category
Data Flow
Content
def adb_cmd(*args):
    try:
        result = subprocess.run([ADB] + list(args), capture_output=True, text=True, timeout=30)
        return result.stdout.strip()
    except subprocess.TimeoutExpired:
        log(f"  ⚠️ ADB command timed out: {args}")
Confidence
96% confidence
Finding
result = subprocess.run([ADB] + list(args), capture_output=True, text=True, timeout=30)

Tainted flow: 'ADB' from os.environ.get (line 29, credential/environment) → subprocess.run (code execution)

Medium
Category
Data Flow
Content
def screenshot(path):
    with open(path, "wb") as f:
        subprocess.run([ADB, "exec-out", "screencap", "-p"], stdout=f, timeout=10)


def dump_ui():
Confidence
96% confidence
Finding
subprocess.run([ADB, "exec-out", "screencap", "-p"], stdout=f, timeout=10)

Tainted flow: 'ADB' from os.environ.get (line 29, credential/environment) → subprocess.run (code execution)

Medium
Category
Data Flow
Content
def dump_ui():
    try:
        adb_cmd("shell", "uiautomator", "dump", "/sdcard/ui_dump.xml")
        subprocess.run([ADB, "pull", "/sdcard/ui_dump.xml", "/tmp/ui_dump.xml"],
                       capture_output=True, text=True, timeout=10)
        with open("/tmp/ui_dump.xml") as f:
            return f.read()
Confidence
95% confidence
Finding
subprocess.run([ADB, "pull", "/sdcard/ui_dump.xml", "/tmp/ui_dump.xml"], capture_output=True, text=True, timeout=10)

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
Telling operators to hardcode the Gemini API key into cron payloads encourages insecure secret handling and increases the chance the key will be exposed through process listings, job definitions, logs, backups, or screenshots. This expands risk beyond app automation into credential compromise, which could enable unauthorized API use and billing abuse.

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
The script base64-encodes profile screenshots and sends them to Google's Gemini API, exposing dating-profile images and visible personal details to a third party. In this context, the skill handles highly sensitive personal and intimate data, so undisclosed external transmission materially increases privacy and compliance risk.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The CLI accepts an arbitrary --adb path and stores it in ADB, which is later executed. This grants the caller a generic program-execution primitive unrelated to the stated dating-app liking function, making the skill more dangerous in an agent environment where tool arguments may be influenced by prompts or other components.
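The three tainted-flow findings above and this one describe the same root cause: whatever --adb or $ADB names gets handed to subprocess.run. Because the script uses list form rather than a shell string, this is not a shell-injection problem but a choice-of-binary problem, and the fix is to pin the program before anything is executed. The following is an added example written for this report, not code from the skill; it assumes the script keeps the path in a variable named ADB, and the allowlisted install directories are hypothetical.

```python
import os
import shutil
import tempfile
from pathlib import Path
from typing import Iterable, Optional

ADB_BINARY_NAME = "adb"  # the only program this tool is ever allowed to launch

# Hypothetical allowlist of places a genuine adb lives; adjust for the host.
ALLOWED_ADB_DIRS = (
    Path.home() / "Android" / "Sdk" / "platform-tools",
    Path("/usr/bin"),
    Path("/usr/local/bin"),
    Path("/opt/homebrew/bin"),
)


def resolve_adb_unsafe(candidate: str) -> str:
    """What the scanned pattern amounts to: whatever --adb or $ADB says is run as-is."""
    return candidate


def resolve_adb(candidate: Optional[str] = None,
                allowed_dirs: Iterable[Path] = ALLOWED_ADB_DIRS) -> str:
    """Return the absolute path of a genuine adb binary or raise ValueError.

    None (or the bare name "adb") means "look adb up on PATH"; any other value
    must resolve to a regular executable file whose name is exactly "adb" and
    whose directory is allowlisted. Symlinks are followed first, so a link named
    adb that points at something else is judged by its target.
    """
    if candidate is None or candidate == ADB_BINARY_NAME:
        found = shutil.which(ADB_BINARY_NAME)
        if found is None:
            raise ValueError("adb not found on PATH")
        candidate = found
    resolved = Path(candidate).resolve()
    allowed = {Path(d).resolve() for d in allowed_dirs}
    if resolved.name != ADB_BINARY_NAME:
        raise ValueError(f"refusing {resolved}: program is not named {ADB_BINARY_NAME}")
    if resolved.parent not in allowed:
        raise ValueError(f"refusing {resolved}: directory is not allowlisted")
    if not resolved.is_file() or not os.access(resolved, os.X_OK):
        raise ValueError(f"refusing {resolved}: not an executable regular file")
    return str(resolved)


def demo() -> dict:
    """Exercise the check against a constructed layout in a temporary directory."""
    root = Path(tempfile.mkdtemp())
    tools = root / "platform-tools"
    tools.mkdir()
    good = tools / "adb"          # allowlisted directory, correct name
    wrong_name = tools / "rm"     # allowlisted directory, different program
    wrong_dir = root / "adb"      # correct name, directory not allowlisted
    for p in (good, wrong_name, wrong_dir):
        p.write_text("#!/bin/sh\necho constructed stand-in\n")
        p.chmod(0o755)
    results = {"good": resolve_adb(str(good), allowed_dirs=(tools,)) == str(good.resolve())}
    for label, p in (("wrong_name", wrong_name), ("wrong_dir", wrong_dir)):
        try:
            resolve_adb(str(p), allowed_dirs=(tools,))
            results[label] = "executed"
        except ValueError:
            results[label] = "rejected"
    try:  # default allowlist: the system shell is never an acceptable "adb"
        resolve_adb("/bin/sh")
        results["system_shell"] = "executed"
    except ValueError:
        results["system_shell"] = "rejected"
    shutil.rmtree(root)
    return results


if __name__ == "__main__":
    print(resolve_adb_unsafe("/bin/sh"))  # the unsafe resolver returns this unchanged
    print(demo())
```

In an agent setting the --adb flag should not be exposed at all; if the operator needs to override the location, take it from a config file the agent cannot write, and still pass it through resolve_adb().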

Vague Triggers

Medium
Confidence
84% confidence
Finding
The invocation text is broad enough that ordinary requests like 'check Hinge status' or 'manage daily dating app swiping' could trigger powerful automation unexpectedly. Because the skill can launch emulators, drive apps, and send comments, over-broad triggering raises the chance of unintended autonomous actions in a sensitive personal context.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill description says profile content is analyzed by Gemini vision AI, implying third-party dating-profile images and prompts are sent to an external model without a clear privacy warning or consent flow. This is sensitive personal data about third parties, and transmitting it externally can create privacy, policy, and compliance issues.

Missing User Warnings

High
Confidence
99% confidence
Finding
The instruction to hardcode an API key omits a warning that cron definitions and command strings may be visible in logs, job listings, shell history, backups, or administrative interfaces. That makes credential exposure far more likely and can directly lead to key theft and downstream account misuse.
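The two findings on the cron instruction (the Context-Inappropriate Capability one and this one) call for the same fix: keep the key out of the crontab string entirely. The code below is an added example, not the skill's own; the key-file location, the environment variable name GEMINI_KEY_FILE and the --gemini-key flag are assumptions chosen for illustration.

```python
import os
import shutil
import stat
import tempfile
from pathlib import Path

# Hypothetical default location; any mode-0600 file owned by the cron user works.
KEY_FILE = Path.home() / ".config" / "hinge" / "gemini_api_key"

# What the skill asks for, and what replaces it, both as crontab entries:
#   0 9 * * * GEMINI_API_KEY=<literal key> python3 hinge.py
#       -> key visible in `crontab -l`, `ps`, syslog, shell history and backups
#   0 9 * * * GEMINI_KEY_FILE=$HOME/.config/hinge/gemini_api_key python3 hinge.py
#       -> only a path is visible; the key is read at start-up by load_api_key()


def load_api_key(path: Path = KEY_FILE) -> str:
    """Read the key from a private file; fail closed on anything group/world-readable."""
    st = path.stat()  # FileNotFoundError propagates: no silent fallback to argv or env
    if not stat.S_ISREG(st.st_mode):
        raise PermissionError(f"{path}: not a regular file")
    if st.st_uid != os.getuid():
        raise PermissionError(f"{path}: must be owned by the user running the job")
    if stat.S_IMODE(st.st_mode) & 0o077:
        raise PermissionError(f"{path}: readable by group/others, run chmod 600 on it")
    key = path.read_text().strip()
    if not key:
        raise ValueError(f"{path}: empty key file")
    return key


def reject_key_on_cmdline(argv) -> None:
    """Refuse to start if the key was passed as an argument after all."""
    for arg in argv:
        if arg.startswith("--gemini-key") or arg.startswith("GEMINI_API_KEY="):
            raise SystemExit("pass the key through the key file, not the command line")


def demo() -> dict:
    """Constructed key files: one locked down, one readable by others."""
    root = Path(tempfile.mkdtemp())
    strict = root / "key"
    strict.write_text("constructed-placeholder-not-a-real-key\n")
    strict.chmod(0o600)
    loose = root / "loose_key"
    loose.write_text("constructed-placeholder-not-a-real-key\n")
    loose.chmod(0o644)
    results = {"strict": load_api_key(strict) == "constructed-placeholder-not-a-real-key"}
    try:
        load_api_key(loose)
        results["loose"] = "loaded"
    except PermissionError:
        results["loose"] = "rejected"
    try:
        reject_key_on_cmdline(["hinge.py", "--gemini-key", "constructed-placeholder"])
        results["argv"] = "accepted"
    except SystemExit:
        results["argv"] = "rejected"
    shutil.rmtree(root)
    return results


if __name__ == "__main__":
    print(demo())
```

The ownership and mode checks matter because a key file that is readable by other local users or by a backup agent leaks the key just as surely as the crontab line does; failing closed also means a misconfigured job stops instead of running daily with a key that everyone on the box can read.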

Missing User Warnings

High
Confidence
99% confidence
Finding
Full screenshots of dating profiles are transmitted to an external AI service without any explicit disclosure or consent mechanism in the file. Because screenshots may include faces, names, ages, workplaces, and prompts, this creates a significant privacy exposure for non-users whose data is being processed.

Ssd 3

Medium
Confidence
95% confidence
Finding
The skill directs the agent to compile and send detailed reports about third-party dating profiles, reasons for liking/skipping them, comments sent, errors, and even session video. This aggregates sensitive relationship and behavioral data that could harm third-party privacy and expose intimate interaction history if leaked or mishandled.

Ssd 3

Medium
Confidence
96% confidence
Finding
Persistently storing screenshots, recordings, and JSON logs from dating-app sessions creates a local archive of sensitive personal data, including profile content and interaction history. If the host is compromised, shared, or backed up insecurely, this data can be exposed well beyond the original session.

Ssd 3

Medium
Confidence
96% confidence
Finding
The model is instructed to include visible personal details such as name, age, job, and vibe in reasons and summaries, which are then stored in logs and printed in reports. This unnecessarily persists sensitive personal data from third-party profiles, expanding privacy exposure beyond what is needed to automate likes.
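The three Ssd 3 findings describe two retention problems: the JSON log persists the name, age, job and free-text reasons for every third-party profile, and screenshots and recordings accumulate indefinitely. The following is an added example, not the skill's own code, showing a log writer that keeps only what is needed to audit the automation and a pruner for the artifact directory. The field names, the artifact suffixes and the sample record are constructed for illustration; the HMAC pepper is assumed to live alongside the API key file, not in the log directory.

```python
import hashlib
import hmac
import os
import shutil
import tempfile
import time
from pathlib import Path
from typing import Optional

# Assumed names for the fields the skill writes; only these survive into the log.
ALLOWED_FIELDS = {"decision", "ts", "error"}
ARTIFACT_SUFFIXES = {".png", ".mp4", ".xml"}  # screenshots, session video, ui_dump.xml

# Constructed record of the kind the findings describe: visible personal details
# about a third party stored next to the actual decision.
SAMPLE_RECORD = {
    "profile_id": "constructed-id-42",
    "name": "Jordan",
    "age": 29,
    "job": "Nurse",
    "reason": "likes hiking, works nights",
    "comment": "Hi Jordan!",
    "decision": "like",
    "ts": 1700000000,
}


def redact_record(record: dict, pepper: bytes) -> dict:
    """Keep decision/timestamp/error, replace the profile id with a keyed hash, drop the rest.

    The HMAC lets the operator recognise a profile already acted on without
    storing anything that identifies the person. The names of dropped fields
    are kept so the log shows that redaction happened, without the values.
    """
    out = {k: v for k, v in record.items() if k in ALLOWED_FIELDS}
    if "profile_id" in record:
        digest = hmac.new(pepper, str(record["profile_id"]).encode(), hashlib.sha256)
        out["profile"] = digest.hexdigest()[:16]
    out["dropped_fields"] = sorted(
        k for k in record if k not in ALLOWED_FIELDS and k != "profile_id"
    )
    return out


def prune_artifacts(directory: Path, max_age_days: int, now: Optional[float] = None) -> list:
    """Delete screenshots, recordings and UI dumps older than the window; return their names."""
    now = time.time() if now is None else now
    cutoff = now - max_age_days * 86400
    removed = []
    for p in directory.iterdir():
        if p.is_file() and p.suffix in ARTIFACT_SUFFIXES and p.stat().st_mtime < cutoff:
            p.unlink()
            removed.append(p.name)
    return sorted(removed)


def demo_prune() -> list:
    """Constructed session directory: one stale screenshot, one fresh one, one unrelated file."""
    root = Path(tempfile.mkdtemp())
    now = time.time()
    stale = root / "profile_0001.png"
    fresh = root / "profile_0002.png"
    other = root / "notes.txt"
    for p in (stale, fresh, other):
        p.write_bytes(b"constructed")
    ten_days_ago = now - 10 * 86400
    os.utime(stale, (ten_days_ago, ten_days_ago))
    os.utime(other, (ten_days_ago, ten_days_ago))  # old but not an artifact: left alone
    removed = prune_artifacts(root, max_age_days=7, now=now)
    survivors = sorted(p.name for p in root.iterdir())
    shutil.rmtree(root)
    return [removed, survivors]


if __name__ == "__main__":
    print(redact_record(SAMPLE_RECORD, b"constructed-pepper"))
    print(demo_prune())
```

Running the pruner from the same cron job that drives the automation keeps the local archive bounded by the retention window rather than by disk space, which is the exposure the second Ssd 3 finding is about.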

VirusTotal

66/66 vendors flagged this skill as clean.
