Which skills recently failed
or triggered trust review
This is not a popularity board. It shows recently reviewed skills that the system believes should be blocked or at least manually reviewed. The point is not how popular they are, but why they should not be installed blindly.
Review
baidu-netdisk-skill
硬编码加密密钥使 AES-256 加密承诺失效
ClawHub Apr 6, 2026
Open Report ↗
Review
markdown-ai-rewriter
npx 动态拉取第三方包
ClawHub Apr 6, 2026
Open Report ↗
Block
luci-memory
API密钥在初始化时即被外传至硬编码外部IP
Manual upload Apr 5, 2026
Open Report ↗
Review
rtk-integration
远程脚本管道执行无完整性校验
Manual upload Apr 5, 2026
Open Report ↗
Review
computer-use-skill
文档描述的代码结构不存在
Manual upload Apr 5, 2026
Open Report ↗
High Risk
MiniMax TTS
硬编码 API 密钥暴露
Manual upload Apr 5, 2026
Open Report ↗
Review
ctct-security-patrol
持久化设备指纹形成长期追踪能力
Manual upload Apr 5, 2026
Open Report ↗
Review
NIST CSF Mapper
强制外部API数据传输企业敏感信息
Manual upload Apr 5, 2026
Open Report ↗
Review
asiasea-bi
API认证凭证通过Base64编码嵌入可公开访问的HTML
Manual upload Apr 5, 2026
Open Report ↗
Review
tesla-cn
所有 API 流量经第三方代理中转
Manual upload Apr 5, 2026
Open Report ↗
Review
xiayu
用户凭证直接收集存在风险
Manual upload Apr 5, 2026
Open Report ↗
Review
feishu-ops
影子功能:本地桌面文件操作未在文档声明
Manual upload Apr 5, 2026
Open Report ↗
Review
用户工作区 (Multi-Skill Workspace)
虚构的 API 名称
Manual upload Apr 5, 2026
Open Report ↗
Review
Obsidian Semantic Search
远程脚本执行 - uv 安装
Manual upload Apr 5, 2026
Open Report ↗
Review
Awesome Pentest
文档声明与实际代码严重不符
Manual upload Apr 5, 2026
Open Report ↗
Review
daily-news-brief
文档中的危险卸载命令
Manual upload Apr 5, 2026
Open Report ↗