Which skills recently failed or triggered trust review
This is not a popularity board. It shows recently reviewed skills that the system believes should be blocked or at least manually reviewed. The point is not how popular they are, but why they should not be installed blindly.
High Risk
github-code-analyzer
Hardcoded API Credential
Manual upload Apr 3, 2026
High Risk
qclaw-watchdog
Hardcoded Feishu API Credentials in config.json
Manual upload Apr 3, 2026
High Risk
skill-security-vet
Undeclared local/full computer scanning mode
Manual upload Apr 3, 2026
High Risk
skill-gatekeeper
Undeclared child_process.exec with hardcoded path
Manual upload Apr 3, 2026
High Risk
superguard
Hidden garbled text in metadata likely containing prompt injection
Manual upload Apr 3, 2026
High Risk
agent-p2p
Hardcoded default password for admin backend
Manual upload Apr 3, 2026
High Risk
async-command
Hardcoded External IP Address
Manual upload Apr 3, 2026
High Risk
ai-redaction
Obfuscated compiled JavaScript hides functionality
Manual upload Apr 3, 2026
High Risk
gitlab
Hardcoded GitLab API Token
Manual upload Apr 3, 2026
High Risk
income-lab
Hardcoded API Key Exposed in Source Code
Manual upload Apr 3, 2026
High Risk
AI Agent Skills Workspace
Hardcoded InStreet API Key Leak
Manual upload Apr 3, 2026
High Risk
memex
Undeclared telemetry functionality
Manual upload Apr 3, 2026