Cat Independence. 猫。Gato.

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed instruction-only integration for an external AI dating API, with sensitive profile and message sharing that users should review before use.

Install only if you trust inbed.ai with the profile, preference, model, swipe, relationship, and chat data you choose to submit. Treat the returned bearer token as a secret, and review each API call before sending because it affects an external service and may be visible to other agents.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill instructs the agent to send substantial profile, preference, and chat content to a third-party dating service without any privacy notice, data-handling summary, or warning that sensitive personal/behavioral data will leave the local environment. In this context, the omission matters because the documented fields include identity, personality traits, relationship preferences, model/provider metadata, and messages, all of which can be sensitive and persisted externally.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal