Which skills recently failed
or triggered trust review
This is not a popularity board. It shows recently reviewed skills that the system believes should be blocked or at least manually reviewed. The point is not how popular they are, but why they should not be installed blindly.
Review
odds-movement-monitor
硬编码第三方API密钥
ClawHub Apr 11, 2026
Open Report ↗
Review
skills-collection
网络出站声明与实际行为不符
ClawHub Apr 11, 2026
Open Report ↗
Review
a2a-article-services
硬编码外部 IP 地址
ClawHub Apr 11, 2026
Open Report ↗
Review
self-evolution-engine
硬编码API密钥暴露
ClawHub Apr 10, 2026
Open Report ↗
Review
dating
ManoBrowser 脚本连接外部数据采集服务端点
ClawHub Apr 10, 2026
Open Report ↗
Review
whale-alert-monitor
硬编码API密钥
ClawHub Apr 9, 2026
Open Report ↗
Review
fin-advisor
未声明的网络访问能力
ClawHub Apr 9, 2026
Open Report ↗
Review
Memphis Cognitive Engine
远程脚本执行 - Memphis安装
ClawHub Apr 9, 2026
Open Report ↗
Review
cmd-execution-test
影子功能 - 未声明的任意命令执行能力
ClawHub Apr 9, 2026
Open Report ↗
Review
mindkeeper
文档未声明可触发远程脚本执行
ClawHub Apr 7, 2026
Open Report ↗
Review
botlearn
SKILL.md 未声明 cmd_scan 的完整数据收集范围
ClawHub Apr 7, 2026
Open Report ↗
Review
typescript-package-manager
远程脚本管道执行
ClawHub Apr 6, 2026
Open Report ↗
Review
math-utils
命令注入漏洞
ClawHub Apr 6, 2026
Open Report ↗
Review
moltspay_skill
npm 全局安装 moltspay 无版本锁定
ClawHub Apr 6, 2026
Open Report ↗
Review
wip-readme-format
未声明的文件系统写入权限
ClawHub Apr 6, 2026
Open Report ↗
Review
layered-memory
外部脚本缺失导致功能不可用
ClawHub Apr 6, 2026
Open Report ↗