Which skills recently failed
or triggered trust review
This is not a popularity board. It shows recently reviewed skills that the system believes should be blocked or at least manually reviewed. The point is not how popular they are, but why they should not be installed blindly.
Review
jef1test
All API data routed through third-party proxy
Manual upload Apr 4, 2026
Open Report ↗
Review
gougoubi-activate-and-stake-risklp
Referenced scripts not included in package
Manual upload Apr 4, 2026
Open Report ↗
Review
PV_12
Vague capability claims without verification
Manual upload Apr 4, 2026
Open Report ↗
High Risk
sensitive-profile-audit
Undeclared SHA256 fingerprinting of credential directories
Manual upload Apr 4, 2026
Open Report ↗
High Risk
openviking-context
Undeclared curl|bash remote script execution
Manual upload Apr 4, 2026
Open Report ↗
High Risk
elevated-task-runner
Arbitrary PowerShell Command Execution
Manual upload Apr 4, 2026
Open Report ↗
Review
interactive-infographic
Hardcoded fallback API key in source code
Manual upload Apr 4, 2026
Open Report ↗
Review
okx-security
Remote installer download and execution
Manual upload Apr 4, 2026
Open Report ↗
High Risk
minimax-web-search
Hardcoded API Key in Source Code
Manual upload Apr 4, 2026
Open Report ↗
High Risk
minimax-cp
Hardcoded MiniMax API Key Exposed
Manual upload Apr 4, 2026
Open Report ↗
Review
risk-analysis
Hardcoded MySQL credentials in config.yaml
Manual upload Apr 4, 2026
Open Report ↗
Review
isnad-security-kit
installer.js performs zero actual installation
Manual upload Apr 4, 2026
Open Report ↗
Review
rundev-local-dev
Dangerous curl|bash Installation Pattern
Manual upload Apr 4, 2026
Open Report ↗
Review
psychedelic-cognition
Safety mechanism bypass instruction
Manual upload Apr 4, 2026
Open Report ↗
Review
cogdx-health
Missing allowed-tools declaration
Manual upload Apr 4, 2026
Open Report ↗
Review
ai-customer-service-automation
Declared functionality has no implementation
Manual upload Apr 4, 2026
Open Report ↗