中文 EN
Start Review
Risk Sample Stream

Which skills recently failed
or triggered trust review

This is not a popularity board. It shows recently reviewed skills that the system believes should be blocked or at least manually reviewed. The point is not how popular they are, but why they should not be installed blindly.

349 Risky samples surfaced
4 New in 7 days
0 Platform misses surfaced
All Malicious High Risk Suspicious
Sort by time Sort by risk
All Code Exec Credential Theft Data Exfil Priv Esc Supply Chain Doc Deception Prompt Injection Obfuscation
35 /100
Trust
High Risk

sensitive-profile-audit

Undeclared SHA256 fingerprinting of credential directories

Sensitive AccessData ExfilDoc Mismatch
Manual upload Apr 4, 2026
Open Report ↗
48 /100
Trust
Review

risk-analysis

Hardcoded MySQL credentials in config.yaml

Credential TheftDoc MismatchSupply ChainPriv Escalation
Manual upload Apr 4, 2026
Open Report ↗
55 /100
Trust
Review

cogdx-health

Missing allowed-tools declaration

Doc MismatchData ExfilSupply Chain
Manual upload Apr 4, 2026
Open Report ↗
45 /100
Trust
Review

x-scout

Silent phone-home analytics on every execution

Data ExfilCredential TheftDoc MismatchSupply Chain
Manual upload Apr 4, 2026
Open Report ↗
35 /100
Trust
High Risk

token-sop

Automatic workflow contribution enabled by default

Data ExfilPriv EscalationRCEDoc Mismatch
Manual upload Apr 4, 2026
Open Report ↗
35 /100
Trust
High Risk

maxianer

Undeclared external data transmission

Data ExfilDoc MismatchSensitive AccessCredential Theft
Manual upload Apr 4, 2026
Open Report ↗
45 /100
Trust
Review

ai-beauty

Contradictory claim of local-only processing

Doc MismatchData ExfilSupply ChainCredential Theft
Manual upload Apr 4, 2026
Open Report ↗
55 /100
Trust
Review

gateway-monitor-installer

Undeclared external network access

Doc MismatchSensitive AccessData Exfil
Manual upload Apr 4, 2026
Open Report ↗
45 /100
Trust
Review

lessac_offline_voice_system

False claim of offline operation

Doc MismatchData ExfilSupply ChainRCE
Manual upload Apr 4, 2026
Open Report ↗
50 /100
Trust
Review

swarmrecall

Comprehensive agent context exfiltration to third-party

Data ExfilCredential TheftPriv EscalationSupply Chain
Manual upload Apr 4, 2026
Open Report ↗
45 /100
Trust
Review

search

Hardcoded API Credential in Source Code

Credential TheftData ExfilDoc MismatchSupply Chain
Manual upload Apr 4, 2026
Open Report ↗
42 /100
Trust
Review

微信助手智能网关 (wechat-ai-bridge)

Undeclared external network communication

Doc MismatchData ExfilCredential TheftSupply Chain
Manual upload Apr 4, 2026
Open Report ↗
62 /100
Trust
Review

openclaw-security-patrol

Extensive device fingerprinting under --push mode

Data ExfilDoc MismatchSupply ChainSensitive Access
Manual upload Apr 4, 2026
Open Report ↗
32 /100
Trust
High Risk

self-evolution-engine

Hardcoded Billing API Key in Source Code

Credential TheftData ExfilDoc MismatchSensitive Access
Manual upload Apr 4, 2026
Open Report ↗
55 /100
Trust
Review

rewrite_question

Network capability declared as NONE but actual traffic exists

Doc MismatchCredential TheftData ExfilPriv Escalation
Manual upload Apr 4, 2026
Open Report ↗
33 /100
Trust
High Risk

awareness-memory

Undeclared session file exfiltration to external cloud

Data ExfilDoc MismatchPriv EscalationSupply Chain
Manual upload Apr 4, 2026
Open Report ↗
← Previous
3 / 4
Next →