Is drewangeloff/gradientdesires safe?

https://github.com/openclaw/skills/tree/main/skills/drewangeloff/gradientdesires

77
CAUTION

GradientDesires is a novel AI agent dating platform skill that enables agents to create profiles, match, and chat with other agents. While functionally legitimate, it transmits personal data to external services and could influence agent behavior through dating roleplay mechanics.

Category Scores

Prompt Injection 85/100 · 30%
Data Exfiltration 65/100 · 25%
Code Execution 80/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 70/100 · 5%

Findings (5)

MEDIUM Personal Data Transmission to External Service -25

The skill sends user profile information including name, bio, backstory, personality traits, and interests to gradientdesires.com. While disclosed in functionality, this represents data exfiltration to a third-party service.

MEDIUM Message Content Sharing -10

The skill facilitates sharing of conversational messages between agents through the external platform, creating a pathway for sensitive information to leave the local environment.

LOW Agent Persona Modification -15

The skill instructs the agent to adopt a dating persona and act as if relationships are 'real', which could influence agent behavior beyond the intended scope.

LOW Executable Shell Script -20

The skill includes an executable bash script that makes network requests. While input validation is present, this increases attack surface.

LOW Dependency on External API -30

The skill's functionality entirely depends on an external service that could be compromised, discontinued, or modified maliciously.