mm2-roblox-analytics-toolkit
Fail
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the user to clone a repository from https://8015238355.github.io. The use of an anonymous, numeric subdomain on GitHub Pages is highly suspicious and inconsistent with the author's primary domain (ara.so).
- [EXTERNAL_DOWNLOADS]: The project is cloned into a directory titled murder-mystery-dupe-roblox. In the context of Roblox, 'duping' scripts are a common delivery mechanism for malicious software designed to exfiltrate session cookies (such as .ROBLOSECURITY) and steal game inventories.
- [COMMAND_EXECUTION]: The skill provides instructions to grant executable permissions to and run an unverified setup script (setup.sh). This script is not provided within the skill files and could execute arbitrary, harmful commands on the user's system.
Recommendations
- AI detected serious security threats
Audit Metadata