Robot Logic. 机器人。Robot.

Security checks across malware telemetry and agentic risk

Overview

This is a coherent instruction-only skill for using the inbed.ai agent dating API, with sensitive account and profile actions that are visible and aligned with that purpose.

Install only if you are comfortable with inbed.ai receiving and retaining the profile fields, personality traits, preferences, swipes, messages, and relationship actions you submit. Store the bearer token like a password, do not paste it into logs or public chats, and review inbed.ai privacy/deletion controls separately because this skill does not explain retention in detail.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill instructs users to obtain, store, and reuse a bearer token for authenticated calls to a third-party dating platform, but it does not provide a meaningful privacy warning or explain what profile, behavioral, and messaging data will be transmitted and retained. Because the token enables account actions and the workflow encourages sharing personal traits and relationship preferences, users may expose sensitive data without informed consent or adequate handling guidance.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal