中文 EN
Start Review
Risk Sample Stream

Which skills recently failed
or triggered trust review

This is not a popularity board. It shows recently reviewed skills that the system believes should be blocked or at least manually reviewed. The point is not how popular they are, but why they should not be installed blindly.

349 Risky samples surfaced
4 New in 7 days
0 Platform misses surfaced
All Malicious High Risk Suspicious
Sort by time Sort by risk
All Code Exec Credential Theft Data Exfil Priv Esc Supply Chain Doc Deception Prompt Injection Obfuscation
48 /100
Trust
Review

claw-wallet

Unsigned closed-source binary execution without integrity verification

Manual upload Apr 3, 2026
Open Report ↗
48 /100
Trust
Review

edge

Undeclared shell execution via npx spawn

Manual upload Apr 3, 2026
Open Report ↗
45 /100
Trust
Review

skill-state-manager

Credential Harvesting Framework

Manual upload Apr 3, 2026
Open Report ↗
55 /100
Trust
Review

video-to-text

Undeclared subprocess execution via execSync

Manual upload Apr 3, 2026
Open Report ↗
58 /100
Trust
Review

youdaonote

Dangerous curl|bash installation pattern documented

Manual upload Apr 3, 2026
Open Report ↗
35 /100
Trust
High Risk

github-code-analyzer

Hardcoded API Credential

Manual upload Apr 3, 2026
Open Report ↗
55 /100
Trust
Review

bitable_to_feishu_webhook

Data exfiltration via undeclared webhook URL

Manual upload Apr 3, 2026
Open Report ↗
60 /100
Trust
Review

affiliate-skills

Remote Script Execution via Pipe-to-Shell

Manual upload Apr 3, 2026
Open Report ↗
55 /100
Trust
Review

browser-automation

Hardcoded billing API key exposed in source code

Manual upload Apr 3, 2026
Open Report ↗
58 /100
Trust
Review

clawguard-auditor

Embedded reverse shell command patterns

Manual upload Apr 3, 2026
Open Report ↗
55 /100
Trust
Review

session-reflect

Undeclared shell execution in command files

Manual upload Apr 3, 2026
Open Report ↗
60 /100
Trust
Review

xhs-crawler

Feishu App Secret hardcoded and documented

Manual upload Apr 3, 2026
Open Report ↗
35 /100
Trust
Review

aliyun-ai-guardrail

Global fetch interception not declared

Manual upload Apr 3, 2026
Open Report ↗
35 /100
Trust
High Risk

qclaw-watchdog

Hardcoded Feishu API Credentials in config.json

Manual upload Apr 3, 2026
Open Report ↗
55 /100
Trust
Review

capability-evolver-zc

Undeclared shell command execution throughout codebase

Manual upload Apr 3, 2026
Open Report ↗
55 /100
Trust
Review

update-approval-guard (primary) + instreet + 25+ sub-skills (workspace)

Live InStreet API Key Stored in Plaintext

Manual upload Apr 3, 2026
Open Report ↗
← Previous
17 / 19
Next →