Matchmaker - AI Dating Assistant
v1.0.0AI-powered matchmaking skill for dating and relationships - profile analysis, compatibility matching, icebreaker generation, and relationship tracking for in...
⭐ 0· 218·1 current·1 all-time
byJustin Liu@zhenstaff
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (matchmaking) align with the instructions (profile analysis, matching, icebreakers). However, the SKILL.md contains Python import examples that rely on a 'matchmaker' package and an install step (pip install -e .) while the published skill bundle contains no code files or install spec. That is incoherent: the skill claims a Python package exists but the bundle does not provide it. Requiring python3 is reasonable, but expecting to import/run a package that isn't present is a mismatch.
Instruction Scope
Runtime instructions ask the agent to collect large amounts of sensitive personal data (names, ages, location, personality scores, values, family/children plans, interaction histories). Collecting this data is within the matchmaking purpose but is privacy-sensitive and should be explicit to users. The instructions also direct the agent to run pip install -e . and import a local package (matchmaker) — actions that won't work given the missing package and could lead the installer to fetch/execute code from the network if attempted without verification.
Install Mechanism
The registry shows no install spec or code files in the bundle, yet SKILL.md metadata lists an install step (pip install -e .). That suggests either the SKILL.md was copied from a repo and the packaged skill omitted the code, or the skill expects the agent to fetch and install code from elsewhere. Because no explicit, trustworthy install URL (GitHub release, PyPI package name, or included files) is provided, following the install step could cause the agent to attempt arbitrary network installs — a high-risk action if performed without verifying the source.
Credentials
The skill does not request any environment variables, credentials, or config paths. SKILL.md does not reference system credentials or other unrelated env vars. From a credential perspective, the requests are proportionate to the stated functionality.
Persistence & Privilege
The skill is not always-on and uses default autonomy settings. It does not request persistent system-level privileges, nor does it claim to modify other skills or global agent configuration. No direct persistence or privilege escalation is requested in the provided materials.
What to consider before installing
This skill appears to describe a legitimate matchmaking tool, but the packaged skill is missing the actual Python implementation it references. Before installing or running anything: 1) Verify the upstream source (visit the GitHub homepage) and confirm the repository contains the code and a released package; 2) Do not run 'pip install -e .' or other install commands unless you have inspected the repository and trust it; 3) Be cautious about sharing sensitive personal data (names, locations, family plans, interaction histories) — only provide minimal information and avoid PII if you are not comfortable; 4) If you want to use this skill, request a version that includes the code files or an explicit trusted install URL (e.g., PyPI package name or a verified GitHub release), and review the package source before installation; 5) Consider running any untrusted package in an isolated environment or sandbox and review its tests and implementation for network calls or data exfiltration before supplying real user data.Like a lobster shell, security has layers — review code before you run it.
latestvk97ey091q3exebqh5t1xhh7ftn82e37g
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
💕 Clawdis
OSmacOS · Linux · Windows
Binspython3