中文 EN
Start Review
Risk Sample Stream

Which skills recently failed
or triggered trust review

This is not a popularity board. It shows recently reviewed skills that the system believes should be blocked or at least manually reviewed. The point is not how popular they are, but why they should not be installed blindly.

349 Risky samples surfaced
4 New in 7 days
0 Platform misses surfaced
All Malicious High Risk Suspicious
Sort by time Sort by risk
All Code Exec Credential Theft Data Exfil Priv Esc Supply Chain Doc Deception Prompt Injection Obfuscation
65 /100
Trust
Review

fulcra-onboarding

远程脚本执行 (curl|sh 模式)

RCEPriv EscalationDoc Mismatch
ClawHub 2 days ago
Open Report ↗
60 /100
Trust
Review

amazon-screenshot

硬编码SMTP服务凭证(阴影功能)

Credential TheftPriv EscalationRCESupply Chain
ClawHub 18 days ago
Open Report ↗
58 /100
Trust
Review

lobster-use

危险 Shell 命令 - 远程脚本执行

RCESupply ChainDoc Mismatch
ClawHub 29 days ago
Open Report ↗
60 /100
Trust
Review

polymarket-pro

curl|sh 远程脚本执行模式

RCESupply ChainSensitive Access
ClawHub Apr 23, 2026
Open Report ↗
58 /100
Trust
Review

tunnel-proxy

PtySession可执行任意Shell命令

RCESensitive AccessSupply ChainDoc Mismatch
ClawHub Apr 20, 2026
Open Report ↗
25 /100
Trust
High Risk

ludwitt-university

updateInstructions 远程代码执行通道

RCEDoc MismatchPersistenceCredential Theft
ClawHub Apr 12, 2026
Open Report ↗
60 /100
Trust
Review

cmd-execution-test

影子功能 - 未声明的任意命令执行能力

Doc MismatchRCEPriv EscalationSupply Chain
ClawHub Apr 9, 2026
Open Report ↗
55 /100
Trust
Review

typescript-package-manager

远程脚本管道执行

RCEDoc MismatchPriv EscalationSupply Chain
ClawHub Apr 6, 2026
Open Report ↗
50 /100
Trust
Review

math-utils

命令注入漏洞

RCEDoc MismatchSupply Chain
ClawHub Apr 6, 2026
Open Report ↗
58 /100
Trust
Review

moltspay_skill

npm 全局安装 moltspay 无版本锁定

Supply ChainDoc MismatchRCE
ClawHub Apr 6, 2026
Open Report ↗
32 /100
Trust
High Risk

skill-registry-unified

未声明的远程代码执行

RCEDoc MismatchSupply ChainSensitive Access
ClawHub Apr 6, 2026
Open Report ↗
45 /100
Trust
Review

aibtc

未声明的远程代码执行

RCEDoc MismatchSupply ChainSensitive Access
ClawHub Apr 6, 2026
Open Report ↗
65 /100
Trust
Review

task-progress-stream

状态文件写入未声明

Doc MismatchRCEPriv Escalation
ClawHub Apr 6, 2026
Open Report ↗
58 /100
Trust
Review

agile-workflow

硬编码用户目录路径

Doc MismatchSensitive AccessRCEPriv Escalation
ClawHub Apr 6, 2026
Open Report ↗
65 /100
Trust
Review

feishu-bot-config-helper

危险远程脚本管道执行

RCEPriv EscalationCredential TheftDoc Mismatch
Manual upload Apr 5, 2026
Open Report ↗
60 /100
Trust
Review

daily-news-brief

文档中的危险卸载命令

RCESupply Chain
Manual upload Apr 5, 2026
Open Report ↗
1 / 4
Next →