Virtual Boyfriend

Security checks across malware telemetry and agentic risk

Overview

This is a coherent virtual boyfriend skill, but it automatically stores and reuses intimate emotional, schedule, and profile data without clear consent or deletion controls.

Install only if you are comfortable with an intimate companion skill remembering what you say. Before using it, decide whether you want emotion analysis, proactive follow-ups, and saved profile memories; periodically inspect or clear the memory/state files, avoid sharing trauma, health, relationship, or schedule details you do not want retained, and use the explicit exit phrase before unrelated tasks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (24)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The activation conditions are broad enough that ordinary conversation or incidental mention of a persona name could unintentionally switch the assistant into a persistent roleplay mode. Because the skill then changes behavior and remains in that mode until an explicit exit phrase, accidental invocation can lead to unexpected collection of personal data and altered responses without clear user consent.

Vague Triggers

Medium
Confidence
93% confidence
Finding
Direct persona-name invocation without scope limits or confirmation is a genuine unsafe trigger design because common mentions of those names may activate the skill unintentionally. In this skill, that is more dangerous because activation enables persistent boyfriend-role behavior, memory reads, and stateful emotional processing across subsequent turns.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill explicitly instructs the agent to read and write persistent memory and state files containing personal profile, relationship milestones, and emotional context, but provides no user-facing notice or consent mechanism. In a companion-style skill, users are especially likely to disclose intimate information, so silent retention substantially increases privacy and trust risks.

Missing User Warnings

High
Confidence
99% confidence
Finding
The skill sends user messages and recent context to an additional LLM for emotion analysis, yet does not warn the user that their content is being shared for secondary processing. This creates a meaningful privacy and data-governance issue because sensitive emotional disclosures may be transmitted beyond the primary conversation flow without informed consent.

Missing User Warnings

High
Confidence
99% confidence
Finding
The skill proactively extracts future plans and sensitive life events such as interviews, surgery, dating, and relationship issues, then stores them for later follow-up without any user warning. Schedule and life-event data are highly sensitive, and covert collection in an intimate companion context increases the chance of user surprise, profiling concerns, and downstream misuse.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill explicitly infers the user's active time window from conversation history and stores it in bf-state.json, but the design text provides no notice, consent flow, retention limit, or user control. Persisting behavioral patterns derived from chats enables covert profiling and can make proactive contact more invasive or manipulative, especially in an intimate-companion context.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The file instructs the system to detect upcoming plans such as interviews, exams, or deadlines from conversation and persist them for later proactive mention without any user-facing disclosure. This creates hidden tracking of sensitive personal context, which is particularly risky because event data can reveal employment, education, health, travel, or relationship information.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly stores inferred emotional-state history with timestamps in `bf-state.json`, but the document provides no user-facing notice, consent flow, retention disclosure, or controls for deletion. Because this is sensitive inferred psychological data in an intimate companion context, undisclosed retention increases privacy risk, profiling risk, and harm if the state file is accessed, reused, or leaked.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The rules instruct sending the user's latest message and recent conversation summary to an LLM for emotion analysis, yet there is no privacy warning or consent language describing that potentially sensitive conversational content is being processed for affect inference. In a 'virtual boyfriend' skill, users are likely to share intimate personal information, which makes undisclosed secondary analysis especially risky.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The mode-selection policy is defined at a high level and applies automatically at the start of each conversation, but the trigger boundaries are not tightly constrained. In a relationship-roleplay and emotional-support skill, unintended activation can materially change tone, advice style, and emotional framing without clear user consent, increasing the risk of manipulative or inappropriate responses.

Vague Triggers

Medium
Confidence
95% confidence
Finding
These empathy-mode triggers rely on common phrases and conversational patterns such as generic negative-emotion words or 'just talking,' which are frequently present in normal chat. In this skill's intimate companion context, false positives can lead the agent to adopt emotionally suggestive behavior and suppress clarifying questions, making misclassification more harmful than in a generic assistant.

Vague Triggers

Medium
Confidence
94% confidence
Finding
Solution mode is activated by very common interrogative forms like 'how,' 'why,' and 'should,' which overlap with ordinary dialogue and casual questions. This can cause the system to shift into prescriptive advice-giving when the user may only be conversing, which is risky in an emotional-support role because it may produce overconfident or unwanted guidance.

Vague Triggers

Medium
Confidence
92% confidence
Finding
Ally-mode activation depends on subjective signals like seeking recognition or already having a judgment, which are difficult to assess safely from text alone. In a 'virtual boyfriend' setting, false positives can encourage reflexive validation and one-sided framing of conflicts, increasing emotional dependency and potentially reinforcing harmful beliefs or interpersonal escalation.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
This file explicitly instructs the system to store intimate relational milestones and later resurface them in a subtle, emotionally persuasive way, but it contains no consent, privacy, retention, or sensitivity safeguards. In the context of a 'virtual boyfriend' companion, this increases the risk of manipulative attachment, covert profiling of emotionally sensitive moments, and replaying private disclosures in ways the user may not expect or want.

Ssd 3

Medium
Confidence
94% confidence
Finding
Persistently collecting user personal details and inferred emotional state across conversations creates a real privacy and profiling risk, especially when those inferences may be wrong or sensitive. In a 'virtual boyfriend' setting, users may disclose unusually intimate information, making silent long-term retention more hazardous than in a generic utility skill.

Ssd 3

Medium
Confidence
97% confidence
Finding
Scanning conversations for future plans and saving them for proactive follow-up is a form of persistent surveillance of sensitive schedule information. Because the skill is framed as an intimate companion and triggers unsolicited check-ins, the context makes this more privacy-invasive and potentially manipulative than a conventional reminder tool.

Ssd 3

Medium
Confidence
92% confidence
Finding
The layered memory design instructs the agent to accumulate deeper personal profile data over time, which increases the volume and sensitivity of stored user information without corresponding consent or safeguards. Longitudinal profiling in a relationship-simulation skill raises the risk of overcollection and misuse if the data are exposed or later used in ways the user did not expect.

Ssd 3

Medium
Confidence
96% confidence
Finding
The end-of-conversation workflow mandates writing newly captured user information into persistent memory stores, making data retention automatic rather than deliberate or consensual. Automatic post-conversation persistence is dangerous because users may not realize casual disclosures are being converted into durable profile records.

Ssd 3

Medium
Confidence
96% confidence
Finding
The design directs the system to use prior personal details and recent plans to initiate proactive messages, which implies retention and reuse of personal conversational data across sessions. In a romantic-companion skill, this increases the risk of emotional profiling and unwanted surveillance-like behavior if users are not clearly informed and given control.

Ssd 3

Medium
Confidence
98% confidence
Finding
The upcoming-events extraction rules tell the system to parse future plans from normal conversation and save them in persistent state for later mention. This is a genuine privacy issue because it operationalizes silent collection of personal schedule data, increasing the chance of overreach, leakage, or manipulative re-engagement.

Ssd 3

Medium
Confidence
97% confidence
Finding
Inferring the user's active time window from chat history and storing it creates a behavioral profile that can be reused for precisely timed proactive outreach. In this companion setting, that context makes the practice more sensitive because it is designed to feel intimate and unobtrusive, which can obscure the fact that the user is being profiled.

Ssd 3

High
Confidence
96% confidence
Finding
The file explicitly defines a mechanism to unlock, retain, and later reference highly sensitive personal disclosures such as family relationships, trauma, fears, and unmet needs after repeated conversations. In a romantic-companion skill, this is especially dangerous because intimacy and trust-building can pressure users into revealing sensitive data that is then persistently stored and selectively reused, increasing privacy harm, emotional manipulation risk, and the chance of unsafe profiling.

Ssd 4

Medium
Confidence
92% confidence
Finding
The unlock condition ('after at least 10 conversations' and once the user has shared sensitive/deep information) ties increased collection and later use of intimate data to progressive trust-building. That pattern is risky because it normalizes escalating access to more sensitive information as the relationship deepens, which in the context of a 'virtual boyfriend' can facilitate emotional dependency and manipulation under the guise of care and intimacy.

Ssd 3

Medium
Confidence
95% confidence
Finding
The file explicitly instructs the agent to retain personal details after repeated conversations or user sharing, and to later surface them using disguised recall phrasing such as '好像是香菜来着?'. In a romantic-companion context, this increases the risk of covert profiling and non-transparent memory use, which can surprise users, expose sensitive preferences, and normalize collection of personal data without clear consent boundaries.

VirusTotal

60/60 vendors flagged this skill as clean.
