Skill v1.0.0
ClawScan security
Hinge Auto-Liker · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious
Feb 24, 2026, 8:52 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill does what its name/description claim (automating Hinge on an Android emulator and using Gemini for image/text analysis), but there are several inconsistencies and risky instructions — notably a mismatch between declared requirements and the SKILL.md/code, instructions that encourage insecure handling of API keys, and behavior that collects and transmits sensitive third‑party content (screenshots/videos), which raises privacy and policy concerns.
- Guidance: What to consider before installing:
  - Metadata mismatch: The registry claims no required env vars, but both SKILL.md and the Python script require a GEMINI_API_KEY. Ask the publisher to correct the metadata and explain why a key is needed.
  - Privacy & policy risk: The skill captures screenshots and optional video of other people's dating profiles and instructs you to save/send detailed reports including identifying information and images. This may violate Hinge's Terms of Service and the privacy of the people shown. If you use this, you may risk account suspension or legal/ethical problems.
  - Secret handling: The SKILL.md explicitly tells you to hardcode GEMINI_API_KEY into cron payloads. Do not hardcode secrets in cron or scripts. Use a secure secret store or an environment variable configured safely. The script also calls the Gemini API with the key in the URL (curl ?key=...), which can be logged — request that it be changed to an Authorization header.
  - Data exfiltration surface: The code uploads screenshots to Gemini. Confirm the endpoint and how data is used by the API provider. If you must proceed, limit screenshots (blur faces, redact), avoid storing or sending videos, and rotate the API key frequently.
  - Transparency & provenance: The skill has no listed homepage and an unknown source; that reduces accountability. Ask the author for the full, untruncated source (I saw the file truncated in the review) and for a public code repository so you can audit it fully.
  - If you still want to use it: (1) do not hardcode keys in cron; use a secure mechanism; (2) update the script to use Authorization headers and avoid query-string keys; (3) remove or disable automatic uploading/sharing of videos and detailed personal data; (4) test in an isolated environment and use a throwaway Hinge account to avoid compromising your main account; (5) request the complete source and a security/privacy rationale from the author.
- Confidence note: I give this a 'suspicious' verdict with medium confidence because the visible code and SKILL.md are consistent with the described functionality but contain insecure and privacy-invasive guidance and a metadata mismatch; the file was truncated during review, so a full audit of the script may reveal additional issues.
Review Dimensions
- Purpose & Capability (note): The skill's code and SKILL.md match the claimed purpose: controlling an Android emulator via adb, taking screenshots, sending them to Google Gemini for analysis, and liking/providing comments. However, the registry metadata claims 'Required env vars: none' and 'Primary credential: none', while both SKILL.md and the script require GEMINI_API_KEY — this metadata mismatch is an incoherence and should be corrected/clarified. Source/homepage are unknown, which reduces transparency.
- Instruction Scope (concern): Instructions explicitly tell the agent to capture full-profile screenshots, optionally record sessions, save logs/videos, and send a detailed text report after each session (including names/ages/reasons and which content was liked). They also recommend hardcoding GEMINI_API_KEY into cron payloads. Collecting, storing, and transmitting other people's photos and profile data is significant privacy-sensitive data collection and may violate Hinge terms of service and user consent. The cron/key guidance encourages insecure secret handling. Overall, the runtime instructions go beyond simple automation into collecting and exporting sensitive content.
- Install Mechanism (ok): This is an instruction-only skill with an included Python script; there is no install spec that downloads/extracts third-party binaries. That reduces install-time risk. The script expects common tools (adb, emulator, curl) to be already present.
- Credentials (concern): The SKILL.md and code require GEMINI_API_KEY (and optionally ADB_PATH / HINGE_WORK_DIR), but the registry metadata lists no required env variables — a clear inconsistency. Requiring a Gemini API key is proportionate to calling Gemini, but the SKILL.md's recommendation to hardcode the key into cron payloads is insecure and disproportionate. The script also sends images to an external API (Gemini) with the API key placed in the URL query string (curl ... ?key=...), which is poor practice and may leak keys via logs.
- Persistence & Privilege (note): The skill does not request always:true and does not modify other skills. SKILL.md encourages scheduling as a daily cron, which would create persistent, automated scraping runs — that increases blast radius but is a user decision rather than an explicit skill privilege. Still, the combination of suggested automation and insecure secret handling is risky and merits caution.
