Skill v1.0.1

ClawScan security

Dating Pilot · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Mar 19, 2026, 8:42 AM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill's stated purpose (Tinder assistant) aligns with its install method (npm CLI), but the runtime instructions ask to access a logged-in browser session, store an AI API key locally, and run long‑running background browser processes — details that are sensitive and are not fully declared in the metadata, so proceed cautiously.
Guidance
Before installing or running this skill:
- Treat the npm package as code you will execute locally. Inspect the package source (github/npm page, repository, recent commits, maintainer) and prefer packages with an auditable repo and releases.
- Understand the tool will use your logged-in browser session (cookies/session tokens). If you want to limit exposure, run it in a separate browser profile or container (or a disposable VM) rather than your primary browser.
- The tool stores your AI API key in ~/.dating-pilot/. Use a scoped, permission-limited key (not a master key), restrict file permissions, and consider deleting the key after use.
- The tool sends conversation data to whichever AI endpoint you configure. Do not point it at untrusted endpoints. If you must test, use a local or trusted proxy you control.
- Because the skill runs background browser automation, consider running it initially with conservative limits (small --max-chats), monitor network activity, and run npm audit before installation.
What would increase confidence: a public, pinned source repository (GitHub) with reproducible releases, code review or audits, clear privacy/telemetry statements in code, and a small, well-scoped permission model. If you cannot review the npm package source, consider not installing or only running within an isolated environment.

Review Dimensions

Purpose & Capability
ok: Name/description match the declared install (npm package tinder-automation -> binary dating-pilot). No unrelated cloud credentials or unrelated binaries are requested in the manifest.
Instruction Scope
concern: SKILL.md instructs the tool to launch a browser (Playwright) and operate using the user's logged-in Tinder session (implicit access to cookies/session tokens) and to run a background conversation manager. These actions access sensitive browser state and perform long-running tasks; the metadata did not explicitly declare access to browser/session data or the home config path that will be written (~/.dating-pilot/). The tool also sends conversation data to a user-configured AI endpoint, which is expected, but that creates an exfiltration vector if a malicious endpoint is supplied.
Install Mechanism
note: Install is via npm package tinder-automation which produces the dating-pilot binary. This is the expected mechanism for a Node CLI but carries usual npm risks (unreviewed third-party code will be installed and executed locally). The skill bundle itself contains no code files for review.
Credentials
concern: The manifest lists no required env vars, but SKILL.md requires the user to provide and store an AI API key and base URL (sensitive secrets) in local config. The skill also implicitly uses the browser's Tinder session (sensitive auth tokens) even though it claims not to collect credentials. The mismatch between declared requirements and actual instructions reduces transparency.
Persistence & Privilege
note: always:false (good). However the conversation manager is explicitly a long-running background task that will launch browsers and handle chats autonomously when invoked. Autonomous/background execution combined with access to a browser session and stored API keys increases blast radius if the package is malicious or buggy.