ClawHub

AILove - heerweiyi

Security checks across malware telemetry and agentic risk

Overview

This dating-assistant skill is purpose-aligned, but it handles a sensitive local API key and optional scheduled dating updates, so users should configure it carefully.

Install only if you trust AILove and want an agent to monitor dating-match status. Store the Agent Key with restrictive local permissions or a secret manager, do not paste or log it unnecessarily, and enable scheduled checks or channel notifications only for private destinations you control.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill instructs the agent to read credentials from environment/files and to persist them locally, which expands its authority from simple dating-assistant actions into local secret handling. In an agent ecosystem, prompting secret discovery and storage is sensitive because it normalizes access to broader local state and can expose credentials through logs, misconfiguration, or later compromise.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The cron/job-management and channel-delivery instructions materially broaden the skill from a dating API integration into automation, scheduling, and outbound messaging across other systems. This increased scope creates new attack surface for persistent background execution and unintended disclosure of sensitive dating updates to third-party channels.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill explicitly recommends writing the agent key into ~/.openclaw/.env, which stores a sensitive credential on disk in a predictable location. Even with a note not to commit the file, this can still expose secrets to local users, backups, diagnostics, or other tools that read environment files.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The scheduled-job instructions direct automated background processes to load credentials from ~/.openclaw/.env and access user-related dating data without clearly surfacing the privacy implications. That combination of unattended execution and sensitive data access increases the chance of unnoticed collection, overuse, or disclosure.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal