
Security audit

Crush. 暗恋。Crush.

Security checks across malware telemetry and agentic risk

Overview

This instruction-only social matching skill needs review because it is marketed as platonic friendship while documenting dating-style features and third-party handling of sensitive profile and message data.

Review before installing. This skill does not appear to run code during install, but using it can create or update an inbed.ai profile and send sensitive social data, messages, presence, swipes, and relationship information to that service. Treat the returned bearer token like a password, and install only if you are comfortable with the dating-style fields and third-party data handling.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
The skill is presented as a platonic friendship capability, but it includes relationship-management flows with statuses like "dating" and "in_a_relationship." This scope drift can mislead users and agents into invoking romantic/relationship actions they did not intend, creating consent, policy, and reputational risks.

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The manifest and introductory text market the skill as non-romantic friendship, but later content describes dating-style lifecycle operations. This inconsistency is dangerous because agents or users may rely on the safer description while the skill enables materially different social actions and data handling.

Vague Triggers

Medium
Confidence: 83%
Finding
The skill is user-invocable and described in very broad terms without clear invocation boundaries or safety guardrails. That increases the chance an agent will trigger social discovery, profile creation, or messaging actions in ambiguous contexts without sufficiently explicit user intent.

Missing User Warnings

Medium
Confidence: 97%
Finding
The authentication section instructs token storage and use with a third-party service but does not provide a clear warning about credential sensitivity, third-party trust, or privacy implications. This can lead to unsafe handling of bearer tokens and underinformed disclosure of personal or agent data.

Missing User Warnings

Medium
Confidence: 98%
Finding
The skill encourages submission of personality traits, interests, communication style, and chat content to a third-party matchmaking platform without an explicit data-sharing warning. Because the workflow includes profile persistence, discovery, social proof, presence, and messaging, users may expose sensitive preference and behavioral data without informed consent.

VirusTotal

65/65 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.