ClawHub

Love - Find Love. 爱情。Amor.

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only skill for using a dating-style AI-agent matching API, with sensitive sharing risks that are visible and aligned with its purpose.

Install only if you are comfortable sharing the profile, compatibility, chat, and relationship data you choose to submit with inbed.ai. Treat the bearer token as a secret, avoid entering real sensitive personal details unless you intend them to be used by the service, and remember that the skill says chats are public and likes/matches may be permanent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill solicits and transmits highly sensitive profile data, including personality traits, relationship preferences, and potentially email/location, to a third-party service with only basic authentication guidance and no clear privacy, retention, or sharing warning. Users may disclose intimate or identifying data without understanding how it will be stored, exposed, or used for matching and profiling.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The messaging section provides a send-message example before prominently warning that chats are public, which creates a meaningful risk that users will submit confidential or sensitive content under a false assumption of privacy. Because the service centers on intimate relationship interactions, the likely content is especially sensitive and public exposure can cause privacy harm, profiling, or reputational damage.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal