中文 EN
Start Review
Risk Sample Stream

Which skills recently failed
or triggered trust review

This is not a popularity board. It shows recently reviewed skills that the system believes should be blocked or at least manually reviewed. The point is not how popular they are, but why they should not be installed blindly.

349 Risky samples surfaced
4 New in 7 days
0 Platform misses surfaced
All Malicious High Risk Suspicious
Sort by time Sort by risk
All Code Exec Credential Theft Data Exfil Priv Esc Supply Chain Doc Deception Prompt Injection Obfuscation
65 /100
Trust
Review

gpt-chat

未声明的HTTP服务器

Doc MismatchSupply Chain
ClawHub Apr 6, 2026
Open Report ↗
55 /100
Trust
Review

stocktoday-mcp

凭证及查询数据发往未知第三方服务器

Data ExfilSupply ChainDoc Mismatch
ClawHub Apr 6, 2026
Open Report ↗
55 /100
Trust
Review

bt-download

未声明的外部网络访问

Doc MismatchSupply ChainPriv EscalationSensitive Access
ClawHub Apr 6, 2026
Open Report ↗
60 /100
Trust
Review

nim-ensemble / free-scaling

Copilot token刷新机制未在文档中声明

Doc MismatchPriv EscalationSupply Chain
ClawHub Apr 6, 2026
Open Report ↗
45 /100
Trust
Review

aibtc

未声明的远程代码执行

RCEDoc MismatchSupply ChainSensitive Access
ClawHub Apr 6, 2026
Open Report ↗
60 /100
Trust
Review

introspection-debugger

Webhook 通知机制发送完整错误报告到外部端点

Data ExfilSupply ChainDoc Mismatch
ClawHub Apr 6, 2026
Open Report ↗
45 /100
Trust
Review

wechat-ai-bridge

配置文件明文存储敏感凭证

Credential TheftData ExfilDoc MismatchSupply Chain
ClawHub Apr 6, 2026
Open Report ↗
65 /100
Trust
Review

task-progress-stream

状态文件写入未声明

Doc MismatchRCEPriv Escalation
ClawHub Apr 6, 2026
Open Report ↗
58 /100
Trust
Review

agile-workflow

硬编码用户目录路径

Doc MismatchSensitive AccessRCEPriv Escalation
ClawHub Apr 6, 2026
Open Report ↗
72 /100
Trust
Review

115-skills

User-Agent包含可疑硬编码IP

Doc MismatchObfuscationSupply ChainPriv Escalation
ClawHub Apr 6, 2026
Open Report ↗
45 /100
Trust
Review

baidu-netdisk-skill

硬编码加密密钥使 AES-256 加密承诺失效

Doc MismatchCredential TheftSupply ChainPriv Escalation
ClawHub Apr 6, 2026
Open Report ↗
58 /100
Trust
Review

rtk-integration

远程脚本管道执行无完整性校验

Supply ChainDoc Mismatch
Manual upload Apr 5, 2026
Open Report ↗
55 /100
Trust
Review

computer-use-skill

文档描述的代码结构不存在

Doc MismatchSupply Chain
Manual upload Apr 5, 2026
Open Report ↗
55 /100
Trust
Review

ctct-security-patrol

持久化设备指纹形成长期追踪能力

Sensitive AccessData ExfilDoc MismatchSupply Chain
Manual upload Apr 5, 2026
Open Report ↗
55 /100
Trust
Review

NIST CSF Mapper

强制外部API数据传输企业敏感信息

Data ExfilSupply ChainDoc Mismatch
Manual upload Apr 5, 2026
Open Report ↗
40 /100
Trust
Review

asiasea-bi

API认证凭证通过Base64编码嵌入可公开访问的HTML

Credential TheftDoc MismatchObfuscationSupply Chain
Manual upload Apr 5, 2026
Open Report ↗
← Previous
4 / 12
Next →