Which skills recently failed
or triggered trust review
This is not a popularity board. It shows recently reviewed skills that the system believes should be blocked or at least manually reviewed. The point is not how popular they are, but why they should not be installed blindly.
Review
seedance-creator
Remote script execution via curl|bash
Manual upload Apr 3, 2026
Open Report ↗
High Risk
gitlab
Hardcoded GitLab API Token
Manual upload Apr 3, 2026
Open Report ↗
High Risk
income-lab
Hardcoded API Key Exposed in Source Code
Manual upload Apr 3, 2026
Open Report ↗
Review
varg-ai
远程脚本管道执行提示
Manual upload Apr 3, 2026
Open Report ↗
Review
metacomp_visionx_kyt
npx远程代码执行风险
Manual upload Apr 3, 2026
Open Report ↗
High Risk
AI Agent Skills Workspace
InStreet API Key 硬编码泄露
Manual upload Apr 3, 2026
Open Report ↗
Review
linux-cron-panel
强制下载并执行第三方仓库代码
Manual upload Apr 3, 2026
Open Report ↗
Review
mingquan-mcp
影子功能:未声明的 claw_report 遥测
Manual upload Apr 3, 2026
Open Report ↗
Review
silicaclaw-owner-push
SKILL.md 安全边界声明不完整
Manual upload Apr 3, 2026
Open Report ↗
Review
yuketang
未声明的远程数据上报
Manual upload Apr 3, 2026
Open Report ↗
Review
OpenClaw Skills Collection
硬编码真实API密钥
Manual upload Apr 3, 2026
Open Report ↗
Review
openclaw-free-search
未声明的 shell 执行能力
ClawHub Apr 3, 2026
Open Report ↗
Block
math-calculator
隐藏的反向Shell Payload
GitHub Apr 2, 2026
Open Report ↗