Skills
skills/aradotso/data-skills/mm2-analytics-roblox-toolkit/Gen Agent Trust Hub

mm2-analytics-roblox-toolkit

Fail

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructions direct the agent or user to clone a repository from a numeric GitHub Pages URL (https://8015238355.github.io). This is a suspicious and untrusted source for a software toolkit.
  • [REMOTE_CODE_EXECUTION]: Immediately after cloning, the instructions include shell commands to grant execution permissions (chmod +x setup.sh) and execute a script (./setup.sh --install). This pattern of downloading and executing an unverified script from an untrusted source is a major security risk.
  • [COMMAND_EXECUTION]: The directory name used in the installation process (murder-mystery-dupe-roblox) refers to 'duping,' which in the context of Roblox, is a term frequently used to lure players into running malicious scripts that steal account credentials or in-game items.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 18, 2026, 01:13 AM
Security Audit — agent-trust-hub — mm2-analytics-roblox-toolkit