Which skills recently failed
or triggered trust review
This is not a popularity board. It shows recently reviewed skills that the system believes should be blocked or at least manually reviewed. The point is not how popular they are, but why they should not be installed blindly.
Review
agent-kanban
硬编码 Gateway Token
Manual upload Apr 5, 2026
Open Report ↗
Review
evermind-ai-everos
SKILL.md未声明配置文件读写权限
Manual upload Apr 5, 2026
Open Report ↗
Review
kuaishou-genius-actual
--insecure 模式禁用 TLS 证书校验
Manual upload Apr 5, 2026
Open Report ↗
Review
PRECC
curl|bash 远程脚本执行
Manual upload Apr 5, 2026
Open Report ↗
Review
ClawSentry
代码高度混淆难以审计
Manual upload Apr 5, 2026
Open Report ↗
Review
ekybot-connector
文档声明与实际能力严重不符
Manual upload Apr 5, 2026
Open Report ↗
Review
agent-cli
危险curl|bash管道安装命令
Manual upload Apr 5, 2026
Open Report ↗
High Risk
grok-swarm
未声明的shell执行功能
Manual upload Apr 5, 2026
Open Report ↗
High Risk
dianping-api
Remote Script Execution via curl|bash
Manual upload Apr 5, 2026
Open Report ↗
High Risk
memolecard-auto
Browser session cookies exfiltrated to arbitrary URL
Manual upload Apr 5, 2026
Open Report ↗
Block
vnstock-env-setup
API keys sent to external server vnstocks.com
Manual upload Apr 5, 2026
Open Report ↗
High Risk
openclaw-backup
Missing implementation scripts
Manual upload Apr 5, 2026
Open Report ↗
High Risk
claw-ops-manager
Undeclared Shell Command Execution
Manual upload Apr 5, 2026
Open Report ↗
Review
hpr-solver
Undeclared LLM API calls to OpenRouter
Manual upload Apr 5, 2026
Open Report ↗
Review
fund-daily
Undeclared network API access
Manual upload Apr 5, 2026
Open Report ↗
Review
stock-prediction
Undeclared shell command execution
Manual upload Apr 5, 2026
Open Report ↗