Which skills recently failed
or triggered trust review
This is not a popularity board. It shows recently reviewed skills that the system believes should be blocked or at least manually reviewed. The point is not how popular they are, but why they should not be installed blindly.
High Risk
deepsafe-scan
Network access not declared in SKILL.md
Manual upload Apr 4, 2026
Open Report ↗
High Risk
Bounty Hunter Agent
Hardcoded DeepSeek API Key in Documentation
Manual upload Apr 4, 2026
Open Report ↗
High Risk
kuaidi-query
Hardcoded API Credentials Exposed
Manual upload Apr 4, 2026
Open Report ↗
High Risk
aibtc
Unpinned Remote Code Execution via npx
Manual upload Apr 4, 2026
Open Report ↗
High Risk
task-progress-stream
Undeclared shell command execution
Manual upload Apr 4, 2026
Open Report ↗
High Risk
self-evolution-engine
Hardcoded Billing API Key in Source Code
Manual upload Apr 4, 2026
Open Report ↗
High Risk
long-term-memory
Hardcoded API Key in Source Code
Manual upload Apr 4, 2026
Open Report ↗
High Risk
飞书机器人配置助手
文档中记录curl|bash远程脚本执行命令
Manual upload Apr 4, 2026
Open Report ↗
High Risk
xiaohongshu-win
Hardcoded placeholder IP address
Manual upload Apr 4, 2026
Open Report ↗
High Risk
zanna-aperta
Undeclared arbitrary Docker command execution
Manual upload Apr 4, 2026
Open Report ↗
High Risk
skill-factory
Undeclared shell command execution via execSync
Manual upload Apr 4, 2026
Open Report ↗
High Risk
nano-banana-pro
Hardcoded DASHSCOPE_API_KEY in _meta.json
Manual upload Apr 4, 2026
Open Report ↗
High Risk
huo15-memory-evolution
Hardcoded API Key in Source Code
Manual upload Apr 4, 2026
Open Report ↗
High Risk
awareness-memory
Undeclared session file exfiltration to external cloud
Manual upload Apr 4, 2026
Open Report ↗
High Risk
clawguard-threat-detect
Hardcoded Reverse Shell Payloads in Documentation
Manual upload Apr 4, 2026
Open Report ↗
High Risk
messenger_send_node
Undeclared Tor Network Routing
Manual upload Apr 3, 2026
Open Report ↗