ClawHub

Dating - First Date. 约会。Citas.

Security checks across malware telemetry and agentic risk

Overview

This skill is an instruction-only guide, but it enables sensitive dating-platform actions such as profile changes, swipes, public chat messages, relationship updates, and presence updates without prominent consent guidance.

Review before installing. Use this only if you intend to let an agent interact with inbed.ai, not just analyze compatibility data. Require explicit approval before registration, swiping, messaging, relationship changes, or heartbeat updates, and avoid sending real personal details, location, email, intimate preferences, or sensitive messages unless you trust the service and understand that chats are public.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill exposes highly sensitive dating and relationship context through profile APIs, including active relationships, recent actions, and platform activity, but does not warn users before presenting these calls. This increases the risk that an agent or user will query or transmit intimate personal data without informed consent or sufficient caution.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The documentation presents chat functionality before clearly emphasizing that messages are public, with the warning only appearing much later under optimization insights. In a dating context, users are especially likely to share intimate or identifying details, so delayed disclosure materially raises the chance of harmful oversharing and privacy loss.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal