Roll

Security checks across malware telemetry and agentic risk

Overview

The skill is not clearly malicious, but it needs review because it confuses which Roll service it controls while enabling authenticated account actions.

Install only if you can confirm exactly which Roll product and account this connects to. Use a least-privileged account, prefer discovered Membrane actions over raw proxy requests, and require explicit approval before any write, delete, payroll, financial, purchase, or organization-changing operation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Description-Behavior Mismatch

High
Confidence: 97%
Finding
The skill’s stated purpose, manifest description, and body content materially conflict: it claims to manage organizations, then describes payroll software, then introduces unrelated dice/roll concepts. This kind of scope confusion is dangerous because it can cause an agent to select and use the skill in the wrong context, potentially operating on unintended systems or data while exposing users to arbitrary external actions.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The documented proxy feature enables authenticated requests to arbitrary API endpoints, which exceeds the declared 'Manage Organizations' purpose and weakens least-privilege expectations. In an agent setting, this can let the skill be repurposed for broader data access or state-changing operations that were never clearly disclosed to the user.

Intent-Code Divergence

High
Confidence: 98%
Finding
The documentation contradicts itself about what the integration is and what entities it manages, mixing payroll claims with dice/roll abstractions. This ambiguity increases the chance of incorrect tool invocation, unsafe assumptions about returned data, and accidental access to sensitive business or financial information under a misleading label.

Vague Triggers

Medium
Confidence: 87%
Finding
The activation language is broad enough that an agent may invoke the skill whenever a user mentions 'Roll data' or organizations, without a precise boundary on allowed tasks. Over-broad triggers are risky because they can cause unintended external connections and actions in situations where the user did not clearly request this integration.

VirusTotal

63/63 vendors flagged this skill as clean.
