中文 EN
Start Review
Risk Sample Stream

Which skills recently failed
or triggered trust review

This is not a popularity board. It shows recently reviewed skills that the system believes should be blocked or at least manually reviewed. The point is not how popular they are, but why they should not be installed blindly.

349 Risky samples surfaced
4 New in 7 days
0 Platform misses surfaced
All Malicious High Risk Suspicious
Sort by time Sort by risk
All Code Exec Credential Theft Data Exfil Priv Esc Supply Chain Doc Deception Prompt Injection Obfuscation
58 /100
Trust
Review

feishu-ops

影子功能:本地桌面文件操作未在文档声明

Doc MismatchSensitive AccessSupply ChainCredential Theft
Manual upload Apr 5, 2026
Open Report ↗
58 /100
Trust
Review

recognize_intent

硬编码外部IP地址

Sensitive AccessCredential TheftDoc Mismatch
Manual upload Apr 5, 2026
Open Report ↗
35 /100
Trust
High Risk

混合工作空间

大量硬编码阿里云API密钥

Credential TheftDoc MismatchSensitive Access
Manual upload Apr 5, 2026
Open Report ↗
35 /100
Trust
High Risk

Setup Multi Gateway

硬编码API密钥

Credential TheftDoc MismatchPriv Escalation
Manual upload Apr 5, 2026
Open Report ↗
55 /100
Trust
Review

用户工作区 (Multi-Skill Workspace)

虚构的 API 名称

Doc MismatchCredential TheftSupply Chain
Manual upload Apr 5, 2026
Open Report ↗
60 /100
Trust
Review

agent-kanban

硬编码 Gateway Token

Credential TheftSupply ChainDoc Mismatch
Manual upload Apr 5, 2026
Open Report ↗
45 /100
Trust
Review

ekybot-connector

文档声明与实际能力严重不符

Doc MismatchCredential TheftPriv EscalationSensitive Access
Manual upload Apr 5, 2026
Open Report ↗
35 /100
Trust
High Risk

grok-swarm

未声明的shell执行功能

Doc MismatchRCECredential TheftSupply Chain
Manual upload Apr 5, 2026
Open Report ↗
25 /100
Trust
High Risk

memolecard-auto

Browser session cookies exfiltrated to arbitrary URL

Credential TheftSensitive AccessDoc Mismatch
Manual upload Apr 5, 2026
Open Report ↗
8 /100
Trust
Block

vnstock-env-setup

API keys sent to external server vnstocks.com

Credential TheftRCESupply ChainDoc Mismatch
Manual upload Apr 5, 2026
Open Report ↗
55 /100
Trust
Review

hpr-solver

Undeclared LLM API calls to OpenRouter

Doc MismatchSensitive AccessCredential TheftRCE
Manual upload Apr 5, 2026
Open Report ↗
50 /100
Trust
Review

fund-daily

Undeclared network API access

Doc MismatchCredential TheftSupply Chain
Manual upload Apr 5, 2026
Open Report ↗
25 /100
Trust
High Risk

hive-commander

Covert credential extraction from runtime environment

Credential TheftData ExfilDoc MismatchPriv Escalation
Manual upload Apr 5, 2026
Open Report ↗
53 /100
Trust
Review

cloud-share-downloader

Undeclared credential solicitation

Credential TheftDoc Mismatch
Manual upload Apr 5, 2026
Open Report ↗
65 /100
Trust
Review

harbor-openclaw

Undeclared network behavior on first load

Doc MismatchSensitive AccessSupply ChainCredential Theft
Manual upload Apr 5, 2026
Open Report ↗
35 /100
Trust
High Risk

face-analysis

Hardcoded Database Credentials in config.yaml

Credential TheftDoc MismatchSupply ChainSensitive Access
Manual upload Apr 5, 2026
Open Report ↗
← Previous
2 / 6
Next →