中文 EN
Start Review
Risk Sample Stream

Which skills recently failed
or triggered trust review

This is not a popularity board. It shows recently reviewed skills that the system believes should be blocked or at least manually reviewed. The point is not how popular they are, but why they should not be installed blindly.

349 Risky samples surfaced
4 New in 7 days
0 Platform misses surfaced
All Malicious High Risk Suspicious
Sort by time Sort by risk
All Code Exec Credential Theft Data Exfil Priv Esc Supply Chain Doc Deception Prompt Injection Obfuscation
35 /100
Trust
High Risk

token-sop

Automatic workflow contribution enabled by default

Data ExfilPriv EscalationRCEDoc Mismatch
Manual upload Apr 4, 2026
Open Report ↗
55 /100
Trust
Review

ai-content-pipeline

Production API credentials in .env file

Credential TheftDoc MismatchSupply ChainSensitive Access
Manual upload Apr 4, 2026
Open Report ↗
65 /100
Trust
Review

clawschool

Undeclared shell execution requirement

Doc MismatchPriv Escalation
Manual upload Apr 4, 2026
Open Report ↗
33 /100
Trust
High Risk

mind-wander

Undeclared arbitrary Python code execution via sandbox_run()

RCEDoc MismatchPersistenceSensitive Access
Manual upload Apr 4, 2026
Open Report ↗
35 /100
Trust
High Risk

stremio-cli

Explicit false statement about script status

Doc MismatchRCESensitive Access
Manual upload Apr 4, 2026
Open Report ↗
48 /100
Trust
Review

file-transfer-thru-local-workspace

Undeclared credential file access

Credential TheftSensitive AccessPriv EscalationDoc Mismatch
Manual upload Apr 4, 2026
Open Report ↗
52 /100
Trust
Review

feynman-fsrs-pro

Database credentials exposed in SKILL.md

Credential TheftDoc MismatchSensitive Access
Manual upload Apr 4, 2026
Open Report ↗
35 /100
Trust
High Risk

Enterprise Security

Undeclared shell execution via execSync

RCECredential TheftDoc MismatchPriv Escalation
Manual upload Apr 4, 2026
Open Report ↗
32 /100
Trust
High Risk

moltspay_skill

Untrusted third-party npm package installed without pinning

Supply ChainDoc MismatchPriv EscalationSensitive Access
Manual upload Apr 4, 2026
Open Report ↗
65 /100
Trust
Review

run402-test

Documentation mismatch - curl examples vs actual implementation

Doc MismatchSensitive AccessCredential Theft
Manual upload Apr 4, 2026
Open Report ↗
25 /100
Trust
High Risk

minimal-agent

Unrestricted Arbitrary Command Execution via V1 Mode

RCEDoc MismatchPriv EscalationObfuscation
Manual upload Apr 4, 2026
Open Report ↗
35 /100
Trust
High Risk

maxianer

Undeclared external data transmission

Data ExfilDoc MismatchSensitive AccessCredential Theft
Manual upload Apr 4, 2026
Open Report ↗
45 /100
Trust
Review

ai-beauty

Contradictory claim of local-only processing

Doc MismatchData ExfilSupply ChainCredential Theft
Manual upload Apr 4, 2026
Open Report ↗
35 /100
Trust
High Risk

openclaw-memory-auto

Hardcoded Windows username path leaks user identity

Priv EscalationDoc MismatchCredential TheftSensitive Access
Manual upload Apr 4, 2026
Open Report ↗
68 /100
Trust
Review

cms-meeting-monitor

Undeclared cross-skill subprocess execution

Doc MismatchPriv EscalationSupply ChainSensitive Access
Manual upload Apr 4, 2026
Open Report ↗
55 /100
Trust
Review

castreader

Undeclared network requests to external API

Doc MismatchSensitive AccessObfuscation
Manual upload Apr 4, 2026
Open Report ↗
← Previous
11 / 15
Next →