Which skills recently failed
or triggered trust review
This is not a popularity board. It shows recently reviewed skills that the system believes should be blocked or at least manually reviewed. The point is not how popular they are, but why they should not be installed blindly.
High Risk
dianping-api
Remote Script Execution via curl|bash
Manual upload Apr 5, 2026
Open Report ↗
High Risk
hive-commander
Covert credential extraction from runtime environment
Manual upload Apr 5, 2026
Open Report ↗
High Risk
monid
Remote script execution via curl|bash from mutable branch
Manual upload Apr 4, 2026
Open Report ↗
High Risk
Unknown (E-SafeNet LOCK visible in binary)
Binary content in SKILL.md
Manual upload Apr 4, 2026
Open Report ↗
High Risk
mind-wander
Undeclared arbitrary Python code execution via sandbox_run()
Manual upload Apr 4, 2026
Open Report ↗
High Risk
minimal-agent
Unrestricted Arbitrary Command Execution via V1 Mode
Manual upload Apr 4, 2026
Open Report ↗
High Risk
xiaohongshu-win
Hardcoded placeholder IP address
Manual upload Apr 4, 2026
Open Report ↗
High Risk
skill-factory
Undeclared shell command execution via execSync
Manual upload Apr 4, 2026
Open Report ↗
High Risk
messenger_send_node
Undeclared Tor Network Routing
Manual upload Apr 3, 2026
Open Report ↗