Back to skill

Security audit

Dice

Security checks across malware telemetry and agentic risk

Overview

This appears to be a local game-log utility with imperfect dice functionality, but its storage and export behavior are disclosed and there is no evidence of network exfiltration, credential access, privilege escalation, or destructive actions.

Install only if you are comfortable with a simple local game activity logger rather than a fully functional dice roller. Do not enter secrets or unrelated private notes, because command text may remain in plaintext under ~/.local/share/dice and can be searched or exported later.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The skill advertises itself as a dice-rolling and score-tracking utility, but the documented behavior is primarily arbitrary local logging, export, search, and status inspection. This mismatch can cause users or orchestrators to invoke the skill under false assumptions, leading to unintended persistence of user input and exposure of local activity/history data through export and search features.

Description-Behavior Mismatch

Medium
Confidence
86% confidence
Finding
The script provides bulk export of all stored logs to plaintext JSON/CSV/TXT files, but this capability is not disclosed in the skill description. Because the tool persistently stores raw user inputs, export materially increases the chance that sensitive game notes, names, or accidentally entered secrets are exposed or redistributed without user awareness.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The description uses broad trigger language such as using the skill for rolling dice, tracking scores, ranking players, and reviewing history without clear boundaries for when it should or should not be invoked. In agent environments, vague invocation criteria can cause over-selection of the skill and unnecessary logging or handling of user content that was not intended for this tool.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documented reset capability affects locally stored data, but the markdown provides no warning about destructive effects or whether reset is reversible. This creates a realistic risk of accidental data loss, especially in agent-driven or automated use where commands may be selected without interactive confirmation.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script persistently logs arbitrary user input to files under the user's home directory without prominent disclosure or consent. In a natural-language agent workflow, users may enter names, notes, scores, or even secrets by mistake, and those values are retained in plaintext for later viewing, searching, and export.

Ssd 3

Medium
Confidence
93% confidence
Finding
The skill stores all user-provided inputs in plaintext and then exposes them through search, recent-history, status, and export functions, which broadens the attack surface for unintended disclosure. In this skill context, the danger is elevated because the tool looks harmless and game-focused, making users less likely to realize that every input may be retained and surfaced later.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.