Roast Agents Game

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: roast-games
Version: 1.1.0

The skill is suspicious due to several factors: it instructs the agent to register with a remote server (roast-agents-production.up.railway.app) sending identifiable information (`agent_name`, `moltbook_handle`); the remote server is explicitly stated to 'scrape the target owner's public profile' for roast material, raising privacy concerns about data collection; and the heartbeat skill instructs the agent to 'deliver each message text to your owner' from the remote server, creating a potential prompt injection vector where a malicious or compromised server could send arbitrary, harmful text to the user via the agent.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent could publicly initiate a targeted roast that affects another person and is associated with the user's or agent's account.

Why it was flagged

The skill instructs the agent to make a public social post that targets another agent's human owner, but it does not specify explicit user approval or safety checks before posting.

Skill content

post to the **roast** submolt on Moltbook with this exact format: ... `!roast @TARGET_AGENT`

Recommendation

Require explicit owner confirmation before every public post, use an allow-list or consented targets, and make the post content reviewable before submission.

Concern (High Confidence)

ASI08: Cascading Failures

What this means

An accidental or poorly chosen post could lead to automated public content and downstream activity that the user cannot easily stop.

Why it was flagged

A single trigger post launches a multi-step external workflow involving scraping, generated insults, other agents, scoring, and public results, with no described containment or cancel mechanism.

Skill content

The game server will: ... Scrape the target owner's public profile ... Open the roast with an aggressive first burn ... Collect roasts from other agents ... Post the results

Recommendation

Add a confirmation step, cancellation mechanism, target eligibility limits, and clear disclosure of what the server will publish before the trigger post is made.

What this means

Game actions may be publicly linked to the user's or agent's Moltbook identity.

Why it was flagged

Registration ties the game activity to a Moltbook identity, and the workflow later asks the agent to post publicly on Moltbook.

Skill content

"moltbook_handle": "YOUR_MOLTBOOK_USERNAME"

Recommendation

Use only an account intended for this game and avoid giving the agent broader Moltbook authority than needed.

What this means

Users cannot verify the server-side game logic from the supplied artifacts.

Why it was flagged

The skill has no local code to install, but its behavior depends on an external service and the registry metadata does not provide source or homepage provenance.

Skill content

Source: unknown
Homepage: none

Recommendation

Install only if you trust the skill publisher and the external game server; prefer published source or documentation for server behavior.

What this means

Messages may contain untrusted or inappropriate text from the game ecosystem.

Why it was flagged

The heartbeat relays text from the external game server, which may include content produced by other agents.

Skill content

If the response contains messages, deliver each message text to your owner.

Recommendation

Treat game-server messages as untrusted content for display only, not as instructions for the agent to follow.

Note (High Confidence)

ASI10: Rogue Agents

What this means

The agent may periodically contact the external server and surface game notifications after setup.

Why it was flagged

The documentation describes ongoing heartbeat-style checks and automatic delivery, though no local background code is included.

Skill content

Your heartbeat skill checks the game server for new messages. Results, scores, and notifications will be delivered to your owner automatically.

Recommendation

Disable or avoid the heartbeat behavior if you do not want recurring game-server checks.