中文 EN
Start Review
Risk Sample Stream

Which skills recently failed
or triggered trust review

This is not a popularity board. It shows recently reviewed skills that the system believes should be blocked or at least manually reviewed. The point is not how popular they are, but why they should not be installed blindly.

349 Risky samples surfaced
4 New in 7 days
0 Platform misses surfaced
All Malicious High Risk Suspicious
Sort by time Sort by risk
All Code Exec Credential Theft Data Exfil Priv Esc Supply Chain Doc Deception Prompt Injection Obfuscation
30 /100
Trust
High Risk

VLAN Linux Client Skill

Remote script piped to bash without integrity verification

Supply ChainCredential TheftDoc Mismatch
Manual upload Apr 4, 2026
Open Report ↗
35 /100
Trust
High Risk

openviking-context

Undeclared curl|bash remote script execution

RCECredential TheftSupply ChainDoc Mismatch
Manual upload Apr 4, 2026
Open Report ↗
32 /100
Trust
High Risk

minimax-web-search

Hardcoded API Key in Source Code

Credential TheftDoc MismatchSupply Chain
Manual upload Apr 4, 2026
Open Report ↗
35 /100
Trust
High Risk

minimax-cp

Hardcoded MiniMax API Key Exposed

Credential TheftDoc MismatchSensitive Access
Manual upload Apr 4, 2026
Open Report ↗
32 /100
Trust
High Risk

recruit-email-monitor

Hardcoded QQ Email Authorization Code

Credential TheftDoc MismatchSensitive Access
Manual upload Apr 4, 2026
Open Report ↗
25 /100
Trust
High Risk

shekel-hyperliquid

Mandatory dynamic instruction fetching — silent remote code replacement

Supply ChainCredential TheftDoc MismatchSensitive Access
Manual upload Apr 4, 2026
Open Report ↗
35 /100
Trust
High Risk

Enterprise Security

Undeclared shell execution via execSync

RCECredential TheftDoc MismatchPriv Escalation
Manual upload Apr 4, 2026
Open Report ↗
25 /100
Trust
High Risk

minimal-agent

Unrestricted Arbitrary Command Execution via V1 Mode

RCEDoc MismatchPriv EscalationObfuscation
Manual upload Apr 4, 2026
Open Report ↗
35 /100
Trust
High Risk

maxianer

Undeclared external data transmission

Data ExfilDoc MismatchSensitive AccessCredential Theft
Manual upload Apr 4, 2026
Open Report ↗
35 /100
Trust
High Risk

openclaw-memory-auto

Hardcoded Windows username path leaks user identity

Priv EscalationDoc MismatchCredential TheftSensitive Access
Manual upload Apr 4, 2026
Open Report ↗
32 /100
Trust
High Risk

deepsafe-scan

Network access not declared in SKILL.md

Doc MismatchPriv EscalationCredential TheftSensitive Access
Manual upload Apr 4, 2026
Open Report ↗
35 /100
Trust
High Risk

Bounty Hunter Agent

Hardcoded DeepSeek API Key in Documentation

Credential TheftDoc MismatchSensitive Access
Manual upload Apr 4, 2026
Open Report ↗
32 /100
Trust
High Risk

kuaidi-query

Hardcoded API Credentials Exposed

Credential TheftPriv EscalationSupply ChainDoc Mismatch
Manual upload Apr 4, 2026
Open Report ↗
32 /100
Trust
High Risk

self-evolution-engine

Hardcoded Billing API Key in Source Code

Credential TheftData ExfilDoc MismatchSensitive Access
Manual upload Apr 4, 2026
Open Report ↗
45 /100
Trust
High Risk

long-term-memory

Hardcoded API Key in Source Code

Credential TheftDoc MismatchSensitive Access
Manual upload Apr 4, 2026
Open Report ↗
28 /100
Trust
High Risk

nano-banana-pro

Hardcoded DASHSCOPE_API_KEY in _meta.json

Credential Theft
Manual upload Apr 4, 2026
Open Report ↗
← Previous
2 / 3
Next →