Which skills recently failed
or triggered trust review
This is not a popularity board. It shows recently reviewed skills that the system believes should be blocked or at least manually reviewed. The point is not how popular they are, but why they should not be installed blindly.
Review
tesla-cn
所有 API 流量经第三方代理中转
Manual upload Apr 5, 2026
Open Report ↗
Review
xiayu
用户凭证直接收集存在风险
Manual upload Apr 5, 2026
Open Report ↗
Review
feishu-bot-config-helper
危险远程脚本管道执行
Manual upload Apr 5, 2026
Open Report ↗
Review
feishu-ops
影子功能:本地桌面文件操作未在文档声明
Manual upload Apr 5, 2026
Open Report ↗
Review
recognize_intent
硬编码外部IP地址
Manual upload Apr 5, 2026
Open Report ↗
Review
用户工作区 (Multi-Skill Workspace)
虚构的 API 名称
Manual upload Apr 5, 2026
Open Report ↗
Review
Obsidian Semantic Search
远程脚本执行 - uv 安装
Manual upload Apr 5, 2026
Open Report ↗
Review
Awesome Pentest
文档声明与实际代码严重不符
Manual upload Apr 5, 2026
Open Report ↗
Review
agent-kanban
硬编码 Gateway Token
Manual upload Apr 5, 2026
Open Report ↗
Review
evermind-ai-everos
SKILL.md未声明配置文件读写权限
Manual upload Apr 5, 2026
Open Report ↗
Review
skill-gatekeeper
未声明的外部命令执行
Manual upload Apr 5, 2026
Open Report ↗
Review
PRECC
curl|bash 远程脚本执行
Manual upload Apr 5, 2026
Open Report ↗
Review
ekybot-connector
文档声明与实际能力严重不符
Manual upload Apr 5, 2026
Open Report ↗
Review
agent-cli
危险curl|bash管道安装命令
Manual upload Apr 5, 2026
Open Report ↗
Review
stremio-cli
文档与代码不一致
Manual upload Apr 5, 2026
Open Report ↗
Review
hpr-solver
Undeclared LLM API calls to OpenRouter
Manual upload Apr 5, 2026
Open Report ↗