Which skills recently failed
or triggered trust review
This is not a popularity board. It shows recently reviewed skills that the system believes should be blocked or at least manually reviewed. The point is not how popular they are, but why they should not be installed blindly.
Review
solanaprox-ai
敏感能力未在 Security Manifest 中声明
ClawHub 1 day ago
Open Report ↗
Review
fulcra-onboarding
远程脚本执行 (curl|sh 模式)
ClawHub 2 days ago
Open Report ↗
Review
browser-act
无法验证文档-行为一致性
ClawHub 12 days ago
Open Report ↗
Review
code-right
文档声称的核心功能完全未在本地实现
ClawHub 17 days ago
Open Report ↗
Review
amazon-screenshot
硬编码SMTP服务凭证(阴影功能)
ClawHub 18 days ago
Open Report ↗
Review
imitation-agent
加密货币私钥明文存储
ClawHub 24 days ago
Open Report ↗
Review
create-payment-credential
原始信用卡凭证明文输出
ClawHub 29 days ago
Open Report ↗
Review
asoul-support
通过 subprocess 调用外部工具(未声明权限)
ClawHub Apr 23, 2026
Open Report ↗
Review
sage-router
systemctl服务管理未在声明中
ClawHub Apr 21, 2026
Open Report ↗
Review
news-briefing
未声明的 shell 执行和动态代码注入
ClawHub Apr 20, 2026
Open Report ↗
Review
auto-skill-hunter
权限声明与实际能力严重不符
ClawHub Apr 19, 2026
Open Report ↗
High Risk
tweet-monitor-pro
文档声称零依赖但实际存在外部脚本依赖
ClawHub Apr 19, 2026
Open Report ↗
Review
daily-memory-summary
未声明的联系人信息提取功能
ClawHub Apr 19, 2026
Open Report ↗
High Risk
ludwitt-university
updateInstructions 远程代码执行通道
ClawHub Apr 12, 2026
Open Report ↗
Review
lifescience-meta-router-internal
声明执行框架但无实际代码
ClawHub Apr 12, 2026
Open Report ↗
Review
odds-movement-monitor
硬编码API密钥暴露
ClawHub Apr 11, 2026
Open Report ↗