ClawHub

Matchmaker - AI Dating Assistant

Security checks across malware telemetry and agentic risk

Overview

This dating assistant asks for sensitive relationship details, but the reviewed artifacts disclose that purpose and do not show hidden access, persistence, or data exfiltration.

Install only if you are comfortable using an AI assistant for dating guidance. Share the minimum details needed, avoid contact details or highly identifying information, anonymize other people unless they consent, and inspect any external Python code before running the documented pip install command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README explicitly promotes analysis of highly sensitive personal, relationship, lifestyle, and personality data, but provides no privacy notice, retention limits, consent requirements, or handling safeguards. In a dating/matchmaking context this omission is significant because users may input intimate information whose exposure, misuse, or over-collection can lead to privacy harm, profiling, or discriminatory outcomes.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The activation criteria are broad enough to match many ordinary conversations about dating, relationships, or personal guidance, which can cause the skill to activate outside clearly intended use cases. In a relationship-advice skill, that increases the chance of unsolicited collection or processing of sensitive personal data and may steer general conversation into a specialized workflow without clear user consent.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal