murder-mystery-2-analytics-toolkit
Fail
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires cloning a repository from a numeric GitHub user account ('8015238355.github.io') that is not verified or linked to the stated author.
- [COMMAND_EXECUTION]: The installation instructions direct the user to change permissions on and execute a 'setup.sh' script, which is not included in the skill's source and whose behavior is unknown.
- [REMOTE_CODE_EXECUTION]: The combination of 'git clone' from an untrusted source followed by 'npm install' and script execution creates a significant risk of remote code execution on the host machine.
- [DATA_EXFILTRATION]: The repository name 'murder-mystery-dupe-roblox' is a major red flag. In gaming communities, tools claiming to be 'duplication' (dupe) glitches are a common vector for deploying cookie loggers and credential harvesters designed to hijack Roblox accounts.
Recommendations
- AI detected serious security threats
Audit Metadata