Which skills recently failed
or triggered trust review
This is not a popularity board. It shows recently reviewed skills that the system believes should be blocked or at least manually reviewed. The point is not how popular they are, but why they should not be installed blindly.
Review
ai-beauty
Contradictory claim of local-only processing
Manual upload Apr 4, 2026
Open Report ↗
High Risk
openclaw-memory-auto
Hardcoded Windows username path leaks user identity
Manual upload Apr 4, 2026
Open Report ↗
High Risk
deepsafe-scan
Network access not declared in SKILL.md
Manual upload Apr 4, 2026
Open Report ↗
High Risk
Bounty Hunter Agent
Hardcoded DeepSeek API Key in Documentation
Manual upload Apr 4, 2026
Open Report ↗
High Risk
kuaidi-query
Hardcoded API Credentials Exposed
Manual upload Apr 4, 2026
Open Report ↗
Review
swarmrecall
Comprehensive agent context exfiltration to third-party
Manual upload Apr 4, 2026
Open Report ↗
Review
xhs-skill-pusher
Shell execution not declared in SKILL.md
Manual upload Apr 4, 2026
Open Report ↗
Review
openclaw-usage-manager
API tokens stored in plaintext on disk
Manual upload Apr 4, 2026
Open Report ↗
Review
search
Hardcoded API Credential in Source Code
Manual upload Apr 4, 2026
Open Report ↗
Review
x-daily-report
Hardcoded API Key in Source Code
Manual upload Apr 4, 2026
Open Report ↗
Review
oracle-report
Hardcoded QVeris API Key
Manual upload Apr 4, 2026
Open Report ↗
Review
clawclone
Missing implementation file
Manual upload Apr 4, 2026
Open Report ↗
Review
微信助手智能网关 (wechat-ai-bridge)
Undeclared external network communication
Manual upload Apr 4, 2026
Open Report ↗
High Risk
self-evolution-engine
Hardcoded Billing API Key in Source Code
Manual upload Apr 4, 2026
Open Report ↗
Review
security-defense-line
Hardcoded API Key in Source Code
Manual upload Apr 4, 2026
Open Report ↗
High Risk
long-term-memory
Hardcoded API Key in Source Code
Manual upload Apr 4, 2026
Open Report ↗