中文 EN
Start Review
Risk Sample Stream

Which skills recently failed
or triggered trust review

This is not a popularity board. It shows recently reviewed skills that the system believes should be blocked or at least manually reviewed. The point is not how popular they are, but why they should not be installed blindly.

349 Risky samples surfaced
4 New in 7 days
0 Platform misses surfaced
All Malicious High Risk Suspicious
Sort by time Sort by risk
All Code Exec Credential Theft Data Exfil Priv Esc Supply Chain Doc Deception Prompt Injection Obfuscation
65 /100
Trust
Review

mindkeeper

文档未声明可触发远程脚本执行

Doc MismatchSupply ChainSensitive Access
ClawHub Apr 7, 2026
Open Report ↗
55 /100
Trust
Review

botlearn

SKILL.md 未声明 cmd_scan 的完整数据收集范围

Doc MismatchSupply ChainSensitive AccessPriv Escalation
ClawHub Apr 7, 2026
Open Report ↗
55 /100
Trust
Review

typescript-package-manager

远程脚本管道执行

RCEDoc MismatchPriv EscalationSupply Chain
ClawHub Apr 6, 2026
Open Report ↗
55 /100
Trust
Review

file-transfer-thru-local-workspace

服务暴露在公网监听

Sensitive AccessDoc MismatchSupply Chain
ClawHub Apr 6, 2026
Open Report ↗
68 /100
Trust
Review

agent-guardian

Python 依赖无版本锁定

Supply ChainPriv EscalationSensitive Access
ClawHub Apr 6, 2026
Open Report ↗
50 /100
Trust
Review

math-utils

命令注入漏洞

RCEDoc MismatchSupply Chain
ClawHub Apr 6, 2026
Open Report ↗
60 /100
Trust
Review

wip-readme-format

未声明的文件系统写入权限

Priv EscalationObfuscationSupply ChainDoc Mismatch
ClawHub Apr 6, 2026
Open Report ↗
32 /100
Trust
High Risk

skill-registry-unified

未声明的远程代码执行

RCEDoc MismatchSupply ChainSensitive Access
ClawHub Apr 6, 2026
Open Report ↗
55 /100
Trust
Review

layered-memory

外部脚本缺失导致功能不可用

Supply ChainDoc Mismatch
ClawHub Apr 6, 2026
Open Report ↗
65 /100
Trust
Review

gpt-chat

未声明的HTTP服务器

Doc MismatchSupply Chain
ClawHub Apr 6, 2026
Open Report ↗
55 /100
Trust
Review

stocktoday-mcp

凭证及查询数据发往未知第三方服务器

Data ExfilSupply ChainDoc Mismatch
ClawHub Apr 6, 2026
Open Report ↗
55 /100
Trust
Review

bt-download

未声明的外部网络访问

Doc MismatchSupply ChainPriv EscalationSensitive Access
ClawHub Apr 6, 2026
Open Report ↗
60 /100
Trust
Review

nim-ensemble / free-scaling

Copilot token刷新机制未在文档中声明

Doc MismatchPriv EscalationSupply Chain
ClawHub Apr 6, 2026
Open Report ↗
60 /100
Trust
Review

introspection-debugger

Webhook 通知机制发送完整错误报告到外部端点

Data ExfilSupply ChainDoc Mismatch
ClawHub Apr 6, 2026
Open Report ↗
45 /100
Trust
Review

wechat-ai-bridge

配置文件明文存储敏感凭证

Credential TheftData ExfilDoc MismatchSupply Chain
ClawHub Apr 6, 2026
Open Report ↗
72 /100
Trust
Review

115-skills

User-Agent包含可疑硬编码IP

Doc MismatchObfuscationSupply ChainPriv Escalation
ClawHub Apr 6, 2026
Open Report ↗
← Previous
3 / 10
Next →