Security audit

DatingMatch-CN 脱单恋爱助手

Security checks across malware telemetry and agentic risk

Overview

This is a Chinese-language matchmaking advice skill made of markdown guidance and templates, with no code execution or hidden system access.

Install this if you want Chinese-language matchmaking and dating-content guidance. Treat the advice as generic, review it for cultural fit and possible bias, and avoid sharing real names, exact income, addresses, or unnecessary sensitive personal details in chat.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger description is broad enough to match many ordinary dating or relationship conversations, which can cause the skill to activate when the user did not intend to use a matchmaking assistant. Unintended invocation can lead to irrelevant guidance, privacy overcollection in sensitive relationship contexts, and routing away from a more appropriate general-purpose or safer skill.

Natural-Language Policy Violations

Medium

Confidence: 73% confidence
Finding: Documenting the skill entirely in Chinese without a stated locale restriction or language negotiation can cause it to be invoked for users who do not understand the output language. This is primarily a quality and safety-routing issue: users may misunderstand advice in a sensitive domain involving relationships and personal decisions.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.