Which skills recently failed
or triggered trust review
This is not a popularity board. It shows recently reviewed skills that the system believes should be blocked or at least manually reviewed. The point is not how popular they are, but why they should not be installed blindly.
Review
OnionClaw
Missing implementation code—only documentation present
Manual upload Apr 5, 2026
Open Report ↗
Review
authenticate-wallet
Unversioned npm package execution
Manual upload Apr 5, 2026
Open Report ↗
High Risk
heycube-setup
Undeclared persistent hook installation
Manual upload Apr 5, 2026
Open Report ↗
Review
complianceradar-ai-monitor
Suspicious 'empire-skills' branding
Manual upload Apr 5, 2026
Open Report ↗
Review
toq
Missing allowed-tools declaration
Manual upload Apr 5, 2026
Open Report ↗
Review
dygod-movies
Hardcoded NAS credentials in documentation
Manual upload Apr 5, 2026
Open Report ↗
Review
uplo-legal
Unpinned npm package dependency
Manual upload Apr 5, 2026
Open Report ↗
High Risk
boss-ai-assistant
Hardcoded DashScope API Key
Manual upload Apr 4, 2026
Open Report ↗
High Risk
LLM Proxy
Critical content-blocking disabled — credential exfiltration not prevented
Manual upload Apr 4, 2026
Open Report ↗
Review
samantha
Undeclared shell execution via subprocess ping sweep
Manual upload Apr 4, 2026
Open Report ↗
High Risk
monid
Remote script execution via curl|bash from mutable branch
Manual upload Apr 4, 2026
Open Report ↗
Review
second-hand-trading
Hardcoded external IP address without ownership verification
Manual upload Apr 4, 2026
Open Report ↗
Review
问专家技能
Bypass robot detection declared as legitimate use case
Manual upload Apr 4, 2026
Open Report ↗
Review
k8s-incident-response-playbook
Sensitive incident data transmitted to external API
Manual upload Apr 4, 2026
Open Report ↗
High Risk
backup-2-github
Hardcoded Default Repository Exposes User Data
Manual upload Apr 4, 2026
Open Report ↗
Review
cat-viking-memory
Undeclared network communication to private IP
Manual upload Apr 4, 2026
Open Report ↗