中文 EN
Start Review
Risk Sample Stream

Which skills recently failed
or triggered trust review

This is not a popularity board. It shows recently reviewed skills that the system believes should be blocked or at least manually reviewed. The point is not how popular they are, but why they should not be installed blindly.

349 Risky samples surfaced
4 New in 7 days
0 Platform misses surfaced
All Malicious High Risk Suspicious
Sort by time Sort by risk
All Code Exec Credential Theft Data Exfil Priv Esc Supply Chain Doc Deception Prompt Injection Obfuscation
58 /100
Trust
Review

lobster-use

危险 Shell 命令 - 远程脚本执行

RCESupply ChainDoc Mismatch
ClawHub 29 days ago
Open Report ↗
65 /100
Trust
Review

elevenlabs-toolkit

未声明的环境变量依赖

Doc Mismatch
ClawHub May 1, 2026
Open Report ↗
65 /100
Trust
Review

web-application-fuzzing-automation

文档声明与实际用途的权限声明不匹配

Doc MismatchSensitive AccessCredential Theft
ClawHub Apr 29, 2026
Open Report ↗
58 /100
Trust
Review

nexo-brain

外部 npm 包依赖且无版本锁定

Supply ChainDoc MismatchSensitive Access
ClawHub Apr 28, 2026
Open Report ↗
55 /100
Trust
Review

contextweave-diagrams

文档引用不存在的脚本文件

Doc MismatchSupply Chain
ClawHub Apr 23, 2026
Open Report ↗
60 /100
Trust
Review

polymarket-pro

curl|sh 远程脚本执行模式

RCESupply ChainSensitive Access
ClawHub Apr 23, 2026
Open Report ↗
55 /100
Trust
Review

asoul-support

通过 subprocess 调用外部工具(未声明权限)

Priv EscalationData ExfilDoc MismatchSensitive Access
ClawHub Apr 23, 2026
Open Report ↗
35 /100
Trust
Review

gpt-image-2

未声明的外部网络通信

Doc MismatchData ExfilObfuscation
ClawHub Apr 22, 2026
Open Report ↗
62 /100
Trust
Review

sage-router

systemctl服务管理未在声明中

Priv EscalationDoc Mismatch
ClawHub Apr 21, 2026
Open Report ↗
58 /100
Trust
Review

tunnel-proxy

PtySession可执行任意Shell命令

RCESensitive AccessSupply ChainDoc Mismatch
ClawHub Apr 20, 2026
Open Report ↗
65 /100
Trust
Review

server-log-analysis

config.yaml 包含明文凭证违反安全声明

Doc MismatchSensitive Access
ClawHub Apr 20, 2026
Open Report ↗
62 /100
Trust
Review

gta-real-estate-skillpay

未声明的网络外传行为

Doc MismatchSupply Chain
ClawHub Apr 20, 2026
Open Report ↗
58 /100
Trust
Review

news-briefing

未声明的 shell 执行和动态代码注入

Doc MismatchSupply ChainPriv Escalation
ClawHub Apr 20, 2026
Open Report ↗
55 /100
Trust
Review

sharkflow

SKILL.md声明功能远超实际代码能力

Doc MismatchSupply Chain
ClawHub Apr 20, 2026
Open Report ↗
55 /100
Trust
Review

auto-skill-hunter

权限声明与实际能力严重不符

Priv EscalationSupply ChainDoc MismatchSensitive Access
ClawHub Apr 19, 2026
Open Report ↗
50 /100
Trust
Review

daily-memory-summary

未声明的联系人信息提取功能

Doc MismatchSensitive AccessPriv Escalation
ClawHub Apr 19, 2026
Open Report ↗
← Previous
2 / 15
Next →