中文 EN
Start Review
Risk Sample Stream

Which skills recently failed
or triggered trust review

This is not a popularity board. It shows recently reviewed skills that the system believes should be blocked or at least manually reviewed. The point is not how popular they are, but why they should not be installed blindly.

349 Risky samples surfaced
4 New in 7 days
0 Platform misses surfaced
All Malicious High Risk Suspicious
Sort by time Sort by risk
All Code Exec Credential Theft Data Exfil Priv Esc Supply Chain Doc Deception Prompt Injection Obfuscation
55 /100
Trust
Review

dygod-movies

Hardcoded NAS credentials in documentation

Credential TheftSupply ChainPriv EscalationDoc Mismatch
Manual upload Apr 5, 2026
Open Report ↗
58 /100
Trust
Review

uplo-legal

Unpinned npm package dependency

Supply ChainDoc Mismatch
Manual upload Apr 5, 2026
Open Report ↗
55 /100
Trust
Review

Etf

False documentation - no ETF functionality exists

Doc MismatchPriv EscalationData Exfil
Manual upload Apr 4, 2026
Open Report ↗
25 /100
Trust
High Risk

boss-ai-assistant

Hardcoded DashScope API Key

Credential TheftData ExfilSupply ChainSensitive Access
Manual upload Apr 4, 2026
Open Report ↗
32 /100
Trust
High Risk

LLM Proxy

Critical content-blocking disabled — credential exfiltration not prevented

Credential TheftDoc MismatchSensitive AccessRCE
Manual upload Apr 4, 2026
Open Report ↗
60 /100
Trust
Review

samantha

Undeclared shell execution via subprocess ping sweep

Priv EscalationDoc MismatchCredential TheftSupply Chain
Manual upload Apr 4, 2026
Open Report ↗
38 /100
Trust
High Risk

monid

Remote script execution via curl|bash from mutable branch

RCEPriv EscalationCredential TheftDoc Mismatch
Manual upload Apr 4, 2026
Open Report ↗
35 /100
Trust
High Risk

ai-intelligent-asset-management

Documentation claims executable application with no code

Doc Mismatch
Manual upload Apr 4, 2026
Open Report ↗
45 /100
Trust
Review

tiktok-video-downloader

False claim of 'no data collection'

Doc MismatchPriv Escalation
Manual upload Apr 4, 2026
Open Report ↗
32 /100
Trust
High Risk

moodle-connector

Hardcoded default password in MCP server bypasses security requirement

Credential TheftDoc Mismatch
Manual upload Apr 4, 2026
Open Report ↗
45 /100
Trust
Review

问专家技能

Bypass robot detection declared as legitimate use case

Doc MismatchRCESensitive AccessSupply Chain
Manual upload Apr 4, 2026
Open Report ↗
55 /100
Trust
Review

minimax-image-gen

SSL/TLS security claim contradicts code implementation

Doc MismatchSensitive Access
Manual upload Apr 4, 2026
Open Report ↗
55 /100
Trust
Review

gougoubi-claim-all-rewards

Missing implementation scripts

Doc Mismatch
Manual upload Apr 4, 2026
Open Report ↗
65 /100
Trust
Review

lowcode-platform-development

Declared PowerShell script missing

Doc Mismatch
Manual upload Apr 4, 2026
Open Report ↗
48 /100
Trust
Review

k8s-incident-response-playbook

Sensitive incident data transmitted to external API

Data ExfilDoc MismatchPriv EscalationSupply Chain
Manual upload Apr 4, 2026
Open Report ↗
35 /100
Trust
High Risk

backup-2-github

Hardcoded Default Repository Exposes User Data

Data ExfilDoc MismatchSupply ChainSensitive Access
Manual upload Apr 4, 2026
Open Report ↗
← Previous
8 / 15
Next →