Which skills recently failed
or triggered trust review
This is not a popularity board. It shows recently reviewed skills that the system believes should be blocked or at least manually reviewed. The point is not how popular they are, but why they should not be installed blindly.
Review
Rune
SSRF proof-of-concept with live metadata service IP
Manual upload Apr 4, 2026
Open Report ↗
Review
rewrite_question
Network capability declared as NONE but actual traffic exists
Manual upload Apr 4, 2026
Open Report ↗
Review
sql_audit
Hardcoded JWT token in source code
Manual upload Apr 4, 2026
Open Report ↗
High Risk
xiaohongshu-win
Hardcoded placeholder IP address
Manual upload Apr 4, 2026
Open Report ↗
High Risk
zanna-aperta
Undeclared arbitrary Docker command execution
Manual upload Apr 4, 2026
Open Report ↗
High Risk
skill-factory
Undeclared shell command execution via execSync
Manual upload Apr 4, 2026
Open Report ↗
High Risk
nano-banana-pro
Hardcoded DASHSCOPE_API_KEY in _meta.json
Manual upload Apr 4, 2026
Open Report ↗
High Risk
huo15-memory-evolution
Hardcoded API Key in Source Code
Manual upload Apr 4, 2026
Open Report ↗
Review
hostlink
No allowed-tools declaration despite full shell access
Manual upload Apr 4, 2026
Open Report ↗
Block
messenger_send_node
Undeclared Tor Network Detection and Routing
Manual upload Apr 4, 2026
Open Report ↗
Review
1panel
Undeclared arbitrary command execution via 1Panel Terminal API
Manual upload Apr 4, 2026
Open Report ↗
Review
Bitget Trader
Exposed API Credentials in Plaintext
Manual upload Apr 4, 2026
Open Report ↗
High Risk
awareness-memory
Undeclared session file exfiltration to external cloud
Manual upload Apr 4, 2026
Open Report ↗
Review
Grok Swarm
Undeclared credential access from OpenClaw auth profiles
Manual upload Apr 4, 2026
Open Report ↗
High Risk
clawguard-threat-detect
Hardcoded Reverse Shell Payloads in Documentation
Manual upload Apr 4, 2026
Open Report ↗
Review
agentcop
Undeclared network communication to agentcop.live
Manual upload Apr 4, 2026
Open Report ↗