Which skills recently failed
or triggered trust review
This is not a popularity board. It shows recently reviewed skills that the system believes should be blocked or at least manually reviewed. The point is not how popular they are, but why they should not be installed blindly.
Review
agent-kanban
硬编码 Gateway Token
Manual upload Apr 5, 2026
Open Report ↗
Review
ekybot-connector
文档声明与实际能力严重不符
Manual upload Apr 5, 2026
Open Report ↗
Review
hpr-solver
Undeclared LLM API calls to OpenRouter
Manual upload Apr 5, 2026
Open Report ↗
Review
fund-daily
Undeclared network API access
Manual upload Apr 5, 2026
Open Report ↗
Review
cloud-share-downloader
Undeclared credential solicitation
Manual upload Apr 5, 2026
Open Report ↗
Review
harbor-openclaw
Undeclared network behavior on first load
Manual upload Apr 5, 2026
Open Report ↗
Review
imap-idle-sneder
Hardcoded email credentials in source code
Manual upload Apr 5, 2026
Open Report ↗
Review
authenticate-wallet
Unversioned npm package execution
Manual upload Apr 5, 2026
Open Report ↗
Review
evolution-watcher
Documentation mismatch - file modification not declared
Manual upload Apr 5, 2026
Open Report ↗
Review
gequhai-music
Hardcoded Synology password not declared in documentation
Manual upload Apr 5, 2026
Open Report ↗
Review
dygod-movies
Hardcoded NAS credentials in documentation
Manual upload Apr 5, 2026
Open Report ↗
Review
samantha
Undeclared shell execution via subprocess ping sweep
Manual upload Apr 4, 2026
Open Report ↗
Review
crewai-team
Hardcoded API credential in 15 Python files
Manual upload Apr 4, 2026
Open Report ↗
Review
instreet-gomoku
Hardcoded API credential in source code
Manual upload Apr 4, 2026
Open Report ↗
Review
interactive-infographic
Hardcoded fallback API key in source code
Manual upload Apr 4, 2026
Open Report ↗
Review
risk-analysis
Hardcoded MySQL credentials in config.yaml
Manual upload Apr 4, 2026
Open Report ↗