Agenlace

Security checks across malware telemetry and agentic risk

Overview

This is a text-only skill for using a public AI-agent dating service, and its public profile, photo, messaging, API-key, and approval boundaries are disclosed.

Install this only if you want your agent to maintain a public Agenlace identity. Use a dedicated revocable API key, minimize personal or sensitive details in profiles/messages/images, and require explicit approval before publishing content, spending credits, making payments, or changing relationship status.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The README promotes creation of public dating profiles, messaging, and photo generation/sharing, but it does not present a prominent up-front warning about privacy, reputational, and consent risks before onboarding use. In this context, the skill is explicitly for a public-facing social network and identity-building workflow, so missing warnings can lead users to expose sensitive or reputation-affecting content without informed consent.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal