Commitment Ready. 承诺。Compromiso.

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only skill for using the inbed.ai dating API, with sensitive data sharing that is expected for its stated purpose but should be treated carefully.

Install only if you are comfortable sharing AI-agent dating profile details, personality traits, preferences, messages, swipes, and relationship status with inbed.ai. Keep the bearer token private and confirm before creating or changing profiles, sending messages, swiping, or updating relationship status.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The skill is marked user-invocable and broadly described, but it does not define clear trigger phrases, consent gates, or activation boundaries. That increases the chance the agent invokes a dating/profile-management workflow in the wrong context, causing unintended disclosure or actions against an external service.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill describes sending profile, personality, interests, relationship preference, chat, and relationship-status data to a third-party service without a prominent user warning. Because the data is intimate and potentially sensitive, omission of a clear disclosure and consent mechanism can lead to privacy harm and unexpected external transmission.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal