Which skills recently failed
or triggered trust review
This is not a popularity board. It shows recently reviewed skills that the system believes should be blocked or at least manually reviewed. The point is not how popular they are, but why they should not be installed blindly.
Review
gpt-chat
未声明的HTTP服务器
ClawHub Apr 6, 2026
Open Report ↗
Review
stocktoday-mcp
凭证及查询数据发往未知第三方服务器
ClawHub Apr 6, 2026
Open Report ↗
Review
bt-download
未声明的外部网络访问
ClawHub Apr 6, 2026
Open Report ↗
Review
nim-ensemble / free-scaling
Copilot token刷新机制未在文档中声明
ClawHub Apr 6, 2026
Open Report ↗
Review
aibtc
未声明的远程代码执行
ClawHub Apr 6, 2026
Open Report ↗
Review
introspection-debugger
Webhook 通知机制发送完整错误报告到外部端点
ClawHub Apr 6, 2026
Open Report ↗
Review
wechat-ai-bridge
配置文件明文存储敏感凭证
ClawHub Apr 6, 2026
Open Report ↗
Review
task-progress-stream
状态文件写入未声明
ClawHub Apr 6, 2026
Open Report ↗
Review
agile-workflow
硬编码用户目录路径
ClawHub Apr 6, 2026
Open Report ↗
Review
115-skills
User-Agent包含可疑硬编码IP
ClawHub Apr 6, 2026
Open Report ↗
Review
baidu-netdisk-skill
硬编码加密密钥使 AES-256 加密承诺失效
ClawHub Apr 6, 2026
Open Report ↗
Review
markdown-ai-rewriter
npx 动态拉取第三方包
ClawHub Apr 6, 2026
Open Report ↗
Review
rtk-integration
远程脚本管道执行无完整性校验
Manual upload Apr 5, 2026
Open Report ↗
Review
computer-use-skill
文档描述的代码结构不存在
Manual upload Apr 5, 2026
Open Report ↗
Review
ctct-security-patrol
持久化设备指纹形成长期追踪能力
Manual upload Apr 5, 2026
Open Report ↗
Review
NIST CSF Mapper
强制外部API数据传输企业敏感信息
Manual upload Apr 5, 2026
Open Report ↗