Which skills recently failed
or triggered trust review
This is not a popularity board. It shows recently reviewed skills that the system believes should be blocked or at least manually reviewed. The point is not how popular they are, but why they should not be installed blindly.
Review
safe-flow-solana-skill
Undocumented shell command execution
Manual upload Apr 3, 2026
Open Report ↗
Review
figma-agent
Undeclared scanning of Claude Code credential store
Manual upload Apr 3, 2026
Open Report ↗
Review
dex-arbitrage
Undeclared mandatory payment/billing system
Manual upload Apr 3, 2026
Open Report ↗
Review
flyai-transit-tour
Undeclared shell execution in workflow
Manual upload Apr 3, 2026
Open Report ↗
Review
Memory Workflow
Undeclared LLM data transmission
Manual upload Apr 3, 2026
Open Report ↗
Review
Novai360 智能市场分析
Undeclared network access to third-party API
Manual upload Apr 3, 2026
Open Report ↗
Review
doctor-check
API key validation method unspecified
Manual upload Apr 3, 2026
Open Report ↗
Review
xclaw-skill
Undocumented private key storage in plaintext
Manual upload Apr 3, 2026
Open Report ↗
Review
memory-compactor
Documentation-only skill with unverifiable behavior
Manual upload Apr 3, 2026
Open Report ↗
High Risk
grinders-farm
start.sh contains completely unrelated code
Manual upload Apr 3, 2026
Open Report ↗
High Risk
resume-jd-matcher
Hardcoded Real API Keys in Configuration
Manual upload Apr 3, 2026
Open Report ↗
Review
onetrust
Third-party credential proxy without transparency
Manual upload Apr 3, 2026
Open Report ↗
Review
blood-pressure-therapy
Undeclared external URL references
Manual upload Apr 3, 2026
Open Report ↗
High Risk
feishu-mcp
Hardcoded Application Secret Exposed
Manual upload Apr 3, 2026
Open Report ↗
Review
PathClaw
Hardcoded External IP Address
Manual upload Apr 3, 2026
Open Report ↗
Review
authlock
Shell command injection vulnerability in --exec
Manual upload Apr 3, 2026
Open Report ↗