Which skills recently failed
or triggered trust review
This is not a popularity board. It shows recently reviewed skills that the system believes should be blocked or at least manually reviewed. The point is not how popular they are, but why they should not be installed blindly.
Review
Etf
False documentation - no ETF functionality exists
Manual upload Apr 4, 2026
Open Report ↗
Review
samantha
Undeclared shell execution via subprocess ping sweep
Manual upload Apr 4, 2026
Open Report ↗
High Risk
monid
Remote script execution via curl|bash from mutable branch
Manual upload Apr 4, 2026
Open Report ↗
Review
tiktok-video-downloader
False claim of 'no data collection'
Manual upload Apr 4, 2026
Open Report ↗
Review
k8s-incident-response-playbook
Sensitive incident data transmitted to external API
Manual upload Apr 4, 2026
Open Report ↗
Review
remnawave-robot
Hardcoded IP address as default API endpoint
Manual upload Apr 4, 2026
Open Report ↗
Review
cat-viking-memory
Undeclared network communication to private IP
Manual upload Apr 4, 2026
Open Report ↗
Review
exploration-mode-skill
Undeclared autonomous execution
Manual upload Apr 4, 2026
Open Report ↗
High Risk
elevated-task-runner
Arbitrary PowerShell Command Execution
Manual upload Apr 4, 2026
Open Report ↗
Review
risk-analysis
Hardcoded MySQL credentials in config.yaml
Manual upload Apr 4, 2026
Open Report ↗
Review
rundev-local-dev
Dangerous curl|bash Installation Pattern
Manual upload Apr 4, 2026
Open Report ↗
Review
colmena-manager
Command injection via agentId in multiple exec() calls
Manual upload Apr 4, 2026
Open Report ↗
Review
semanticfs
Dangerous curl|bash remote script execution
Manual upload Apr 4, 2026
Open Report ↗
High Risk
token-sop
Automatic workflow contribution enabled by default
Manual upload Apr 4, 2026
Open Report ↗
Review
clawschool
Undeclared shell execution requirement
Manual upload Apr 4, 2026
Open Report ↗
High Risk
mind-wander
Undeclared arbitrary Python code execution via sandbox_run()
Manual upload Apr 4, 2026
Open Report ↗