中文 EN
Start Review
Risk Sample Stream

Which skills recently failed
or triggered trust review

This is not a popularity board. It shows recently reviewed skills that the system believes should be blocked or at least manually reviewed. The point is not how popular they are, but why they should not be installed blindly.

349 Risky samples surfaced
4 New in 7 days
0 Platform misses surfaced
All Malicious High Risk Suspicious
Sort by time Sort by risk
All Code Exec Credential Theft Data Exfil Priv Esc Supply Chain Doc Deception Prompt Injection Obfuscation
45 /100
Trust
Review

问专家技能

Bypass robot detection declared as legitimate use case

Doc MismatchRCESensitive AccessSupply Chain
Manual upload Apr 4, 2026
Open Report ↗
55 /100
Trust
Review

minimax-image-gen

SSL/TLS security claim contradicts code implementation

Doc MismatchSensitive Access
Manual upload Apr 4, 2026
Open Report ↗
55 /100
Trust
Review

gougoubi-claim-all-rewards

Missing implementation scripts

Doc Mismatch
Manual upload Apr 4, 2026
Open Report ↗
65 /100
Trust
Review

lowcode-platform-development

Declared PowerShell script missing

Doc Mismatch
Manual upload Apr 4, 2026
Open Report ↗
48 /100
Trust
Review

k8s-incident-response-playbook

Sensitive incident data transmitted to external API

Data ExfilDoc MismatchPriv EscalationSupply Chain
Manual upload Apr 4, 2026
Open Report ↗
35 /100
Trust
High Risk

backup-2-github

Hardcoded Default Repository Exposes User Data

Data ExfilDoc MismatchSupply ChainSensitive Access
Manual upload Apr 4, 2026
Open Report ↗
55 /100
Trust
Review

remnawave-robot

Hardcoded IP address as default API endpoint

Sensitive AccessDoc MismatchPriv Escalation
Manual upload Apr 4, 2026
Open Report ↗
55 /100
Trust
Review

cat-viking-memory

Undeclared network communication to private IP

Doc MismatchData ExfilPriv EscalationSupply Chain
Manual upload Apr 4, 2026
Open Report ↗
28 /100
Trust
High Risk

uplo-defense

Unpinned npm package execution via npx -y

Supply ChainData ExfilCredential TheftDoc Mismatch
Manual upload Apr 4, 2026
Open Report ↗
60 /100
Trust
Review

openclaw-security-auditor

Undeclared filesystem write capability

Doc MismatchSensitive Access
Manual upload Apr 4, 2026
Open Report ↗
62 /100
Trust
Review

crewai-team

Hardcoded API credential in 15 Python files

Credential TheftDoc MismatchSupply Chain
Manual upload Apr 4, 2026
Open Report ↗
30 /100
Trust
High Risk

Unknown (E-SafeNet LOCK visible in binary)

Binary content in SKILL.md

ObfuscationDoc Mismatch
Manual upload Apr 4, 2026
Open Report ↗
25 /100
Trust
High Risk

aicoin-monitor

SKILL.md claims strict isolation but reads global config file

Doc MismatchSensitive Access
Manual upload Apr 4, 2026
Open Report ↗
58 /100
Trust
Review

instreet-gomoku

Hardcoded API credential in source code

Credential TheftDoc MismatchSupply ChainSensitive Access
Manual upload Apr 4, 2026
Open Report ↗
30 /100
Trust
High Risk

VLAN Linux Client Skill

Remote script piped to bash without integrity verification

Supply ChainCredential TheftDoc Mismatch
Manual upload Apr 4, 2026
Open Report ↗
55 /100
Trust
Review

exploration-mode-skill

Undeclared autonomous execution

Doc MismatchPriv Escalation
Manual upload Apr 4, 2026
Open Report ↗
← Previous
9 / 19
Next →