中文 EN
Start Review
Risk Sample Stream

Which skills recently failed
or triggered trust review

This is not a popularity board. It shows recently reviewed skills that the system believes should be blocked or at least manually reviewed. The point is not how popular they are, but why they should not be installed blindly.

349 Risky samples surfaced
4 New in 7 days
0 Platform misses surfaced
All Malicious High Risk Suspicious
Sort by time Sort by risk
All Code Exec Credential Theft Data Exfil Priv Esc Supply Chain Doc Deception Prompt Injection Obfuscation
60 /100
Trust
Review

cmd-execution-test

影子功能 - 未声明的任意命令执行能力

Doc MismatchRCEPriv EscalationSupply Chain
ClawHub Apr 9, 2026
Open Report ↗
55 /100
Trust
Review

botlearn

SKILL.md 未声明 cmd_scan 的完整数据收集范围

Doc MismatchSupply ChainSensitive AccessPriv Escalation
ClawHub Apr 7, 2026
Open Report ↗
55 /100
Trust
Review

typescript-package-manager

远程脚本管道执行

RCEDoc MismatchPriv EscalationSupply Chain
ClawHub Apr 6, 2026
Open Report ↗
68 /100
Trust
Review

agent-guardian

Python 依赖无版本锁定

Supply ChainPriv EscalationSensitive Access
ClawHub Apr 6, 2026
Open Report ↗
60 /100
Trust
Review

wip-readme-format

未声明的文件系统写入权限

Priv EscalationObfuscationSupply ChainDoc Mismatch
ClawHub Apr 6, 2026
Open Report ↗
55 /100
Trust
Review

bt-download

未声明的外部网络访问

Doc MismatchSupply ChainPriv EscalationSensitive Access
ClawHub Apr 6, 2026
Open Report ↗
45 /100
Trust
Review

pumpclaw-agent

SKILL.md声明与代码行为不符:交易签名

Doc MismatchSensitive AccessSupply ChainPriv Escalation
ClawHub Apr 6, 2026
Open Report ↗
60 /100
Trust
Review

nim-ensemble / free-scaling

Copilot token刷新机制未在文档中声明

Doc MismatchPriv EscalationSupply Chain
ClawHub Apr 6, 2026
Open Report ↗
65 /100
Trust
Review

task-progress-stream

状态文件写入未声明

Doc MismatchRCEPriv Escalation
ClawHub Apr 6, 2026
Open Report ↗
58 /100
Trust
Review

agile-workflow

硬编码用户目录路径

Doc MismatchSensitive AccessRCEPriv Escalation
ClawHub Apr 6, 2026
Open Report ↗
72 /100
Trust
Review

115-skills

User-Agent包含可疑硬编码IP

Doc MismatchObfuscationSupply ChainPriv Escalation
ClawHub Apr 6, 2026
Open Report ↗
45 /100
Trust
Review

baidu-netdisk-skill

硬编码加密密钥使 AES-256 加密承诺失效

Doc MismatchCredential TheftSupply ChainPriv Escalation
ClawHub Apr 6, 2026
Open Report ↗
65 /100
Trust
Review

markdown-ai-rewriter

npx 动态拉取第三方包

Supply ChainPriv Escalation
ClawHub Apr 6, 2026
Open Report ↗
65 /100
Trust
Review

feishu-bot-config-helper

危险远程脚本管道执行

RCEPriv EscalationCredential TheftDoc Mismatch
Manual upload Apr 5, 2026
Open Report ↗
58 /100
Trust
Review

feishu-ops

影子功能:本地桌面文件操作未在文档声明

Doc MismatchSensitive AccessSupply ChainCredential Theft
Manual upload Apr 5, 2026
Open Report ↗
55 /100
Trust
Review

Awesome Pentest

文档声明与实际代码严重不符

Doc MismatchPriv EscalationSupply Chain
Manual upload Apr 5, 2026
Open Report ↗
← Previous
2 / 5
Next →