Which skills recently failed
or triggered trust review
This is not a popularity board. It shows recently reviewed skills that the system believes should be blocked or at least manually reviewed. The point is not how popular they are, but why they should not be installed blindly.
Review
imap-idle-sneder
Hardcoded email credentials in source code
Manual upload Apr 5, 2026
Open Report ↗
Review
Etf
False documentation - no ETF functionality exists
Manual upload Apr 4, 2026
Open Report ↗
Review
second-hand-trading
Hardcoded external IP address without ownership verification
Manual upload Apr 4, 2026
Open Report ↗
Review
k8s-incident-response-playbook
Sensitive incident data transmitted to external API
Manual upload Apr 4, 2026
Open Report ↗
Review
cat-viking-memory
Undeclared network communication to private IP
Manual upload Apr 4, 2026
Open Report ↗
Review
jef1test
All API data routed through third-party proxy
Manual upload Apr 4, 2026
Open Report ↗
Review
risk-analysis
Hardcoded MySQL credentials in config.yaml
Manual upload Apr 4, 2026
Open Report ↗
Review
cogdx-health
Missing allowed-tools declaration
Manual upload Apr 4, 2026
Open Report ↗
Review
x-scout
Silent phone-home analytics on every execution
Manual upload Apr 4, 2026
Open Report ↗
Review
token-sop
Misleading privacy claim
Manual upload Apr 4, 2026
Open Report ↗
Review
ai-beauty
Contradictory claim of local-only processing
Manual upload Apr 4, 2026
Open Report ↗
Review
gateway-monitor-installer
Undeclared external network access
Manual upload Apr 4, 2026
Open Report ↗
Review
lessac_offline_voice_system
False claim of offline operation
Manual upload Apr 4, 2026
Open Report ↗
Review
swarmrecall
Comprehensive agent context exfiltration to third-party
Manual upload Apr 4, 2026
Open Report ↗
Review
search
Hardcoded API Credential in Source Code
Manual upload Apr 4, 2026
Open Report ↗
Review
微信助手智能网关 (wechat-ai-bridge)
Undeclared external network communication
Manual upload Apr 4, 2026
Open Report ↗