Which skills recently failed
or triggered trust review
This is not a popularity board. It shows recently reviewed skills that the system believes should be blocked or at least manually reviewed. The point is not how popular they are, but why they should not be installed blindly.
Review
E-SafeNet (suspected from encoded content)
SKILL.md 包含异常编码内容
ClawHub Apr 12, 2026
Open Report ↗
High Risk
ludwitt-university
updateInstructions 远程代码执行通道
ClawHub Apr 12, 2026
Open Report ↗
Review
lifescience-meta-router-internal
声明执行框架但无实际代码
ClawHub Apr 12, 2026
Open Report ↗
Review
odds-movement-monitor
硬编码第三方API密钥
ClawHub Apr 11, 2026
Open Report ↗
Review
skills-collection
网络出站声明与实际行为不符
ClawHub Apr 11, 2026
Open Report ↗
Review
a2a-article-services
硬编码外部 IP 地址
ClawHub Apr 11, 2026
Open Report ↗
Review
dating
ManoBrowser 脚本连接外部数据采集服务端点
ClawHub Apr 10, 2026
Open Report ↗
High Risk
birth-system-manager
文档承诺不显示私钥但代码明文输出
ClawHub Apr 10, 2026
Open Report ↗
Review
fin-advisor
未声明的网络访问能力
ClawHub Apr 9, 2026
Open Report ↗
Review
Memphis Cognitive Engine
远程脚本执行 - Memphis安装
ClawHub Apr 9, 2026
Open Report ↗
Review
cmd-execution-test
影子功能 - 未声明的任意命令执行能力
ClawHub Apr 9, 2026
Open Report ↗
Review
mindkeeper
文档未声明可触发远程脚本执行
ClawHub Apr 7, 2026
Open Report ↗
Review
botlearn
SKILL.md 未声明 cmd_scan 的完整数据收集范围
ClawHub Apr 7, 2026
Open Report ↗
Review
typescript-package-manager
远程脚本管道执行
ClawHub Apr 6, 2026
Open Report ↗
Review
math-utils
命令注入漏洞
ClawHub Apr 6, 2026
Open Report ↗
Review
wip-readme-format
未声明的文件系统写入权限
ClawHub Apr 6, 2026
Open Report ↗