Which skills recently failed or triggered trust review
This is not a popularity board. It shows recently reviewed skills that the system believes should be blocked or at least manually reviewed. The point is not how popular they are, but why they should not be installed blindly.
High Risk
tweet-monitor-pro
Documentation claims zero dependencies, but external script dependencies actually exist
ClawHub Apr 19, 2026
High Risk
whale-alert-monitor
Hardcoded API key not declared in documentation
ClawHub Apr 12, 2026
High Risk
ludwitt-university
updateInstructions remote code execution channel
ClawHub Apr 12, 2026
High Risk
birth-system-manager
Documentation promises not to display private keys, but the code outputs them in plaintext
ClawHub Apr 10, 2026
High Risk
skill-registry-unified
Undeclared remote code execution
ClawHub Apr 6, 2026
High Risk
MiniMax TTS
Hardcoded API key exposed
Manual upload Apr 5, 2026
High Risk
混合工作空间
Large number of hardcoded Alibaba Cloud API keys
Manual upload Apr 5, 2026
High Risk
Setup Multi Gateway
Hardcoded API key
Manual upload Apr 5, 2026
High Risk
Bitget Trader
SKILL.md embeds real API credentials
Manual upload Apr 5, 2026
High Risk
grok-swarm
Undeclared shell execution functionality
Manual upload Apr 5, 2026
High Risk
dianping-api
Remote Script Execution via curl|bash
Manual upload Apr 5, 2026
High Risk
memolecard-auto
Browser session cookies exfiltrated to arbitrary URL
Manual upload Apr 5, 2026
High Risk
openclaw-backup
Missing implementation scripts
Manual upload Apr 5, 2026
High Risk
claw-ops-manager
Undeclared Shell Command Execution
Manual upload Apr 5, 2026
High Risk
hive-commander
Covert credential extraction from runtime environment
Manual upload Apr 5, 2026
High Risk
gangtise-kb
Undeclared subprocess execution with missing binary
Manual upload Apr 5, 2026