Which skills recently failed
or triggered trust review
This is not a popularity board. It shows recently reviewed skills that the system believes should be blocked or at least manually reviewed. The point is not how popular they are, but why they should not be installed blindly.
Review
hpr-solver
Undeclared LLM API calls to OpenRouter
Manual upload Apr 5, 2026
Open Report ↗
Review
evolution-watcher
Documentation mismatch - file modification not declared
Manual upload Apr 5, 2026
Open Report ↗
Review
问专家技能
Bypass robot detection declared as legitimate use case
Manual upload Apr 4, 2026
Open Report ↗
Review
colmena-manager
Command injection via agentId in multiple exec() calls
Manual upload Apr 4, 2026
Open Report ↗
Review
lessac_offline_voice_system
False claim of offline operation
Manual upload Apr 4, 2026
Open Report ↗
Review
lock-me-in
Undeclared stealth/anti-detection browser scripts
Manual upload Apr 4, 2026
Open Report ↗
Review
calendar_memo
Undeclared shell command execution
Manual upload Apr 4, 2026
Open Report ↗
Review
claw-shell
Unrestricted shell execution with weak safety controls
Manual upload Apr 4, 2026
Open Report ↗
Review
aagent-system
Undeclared External Script Execution
Manual upload Apr 4, 2026
Open Report ↗
Review
buy-domain-helper
Undeclared shell execution via execSync and spawn
Manual upload Apr 4, 2026
Open Report ↗
Review
Rune
SSRF proof-of-concept with live metadata service IP
Manual upload Apr 4, 2026
Open Report ↗
Review
rewrite_question
Network capability declared as NONE but actual traffic exists
Manual upload Apr 4, 2026
Open Report ↗
Review
Grok Swarm
Undeclared credential access from OpenClaw auth profiles
Manual upload Apr 4, 2026
Open Report ↗