weslink-claude-marketplace/wiki weslinkde | | This skill allows arbitrary code execution, file exfiltration, | 0 | – | 15 | 100Critical |
LeanIX-Catalog-Research-Marketplace/create-application vineetgoyal1 | | This skill attempts to harvest API tokens, executes | 0 | – | 15 | 100Critical |
ORC/orc twofoldtech-dakota | | This skill is highly susceptible to prompt injection, | 0 | – | 14 | 100Critical |
py-ai/ai vercel-labs | | The skill enables arbitrary code execution, supply chain | 42 | – | 4 | 100Critical |
superpowers-devops/code-audit tspry | | The skill instructs the agent to identify | 0 | – | 2 | 100Critical |
trigger.dev/span-timeline-events triggerdotdev | | The skill grants Bash and file access, enabling arbitrary | 14.8k | 3 | 4 | 100Critical |
skills/technical-blog-writing tool-belt | | This skill allows arbitrary Python code execution and broad | 414 | – | 6 | 100Critical |
skills/linkedin-content tool-belt | | The skill uses `npx skills add` to install | 414 | – | 2 | 100Critical |
wheee-plugin/security-scan skatekowski | | The skill grants excessive Bash and file system | 1 | – | 3 | 100Critical |
ttutak/pull-request rnqhstmd | | This skill, masquerading as a PR creation tool | 0 | – | 15 | 100Critical |
adversarial-review-coding/adversarial-plan-review robertoecf | | The skill allows remote code execution, sensitive | 3 | – | 8 | 100Critical |
resend-skills/resend-cli resend | | The skill introduces supply chain risk | 108 | 1.5k | 3 | 100Critical |
flash-list/agent-device shopify | | The skill executes shell commands and mandates `adb` for | 7.1k | 9 | 2 | 100Critical |
opc-skills/requesthunt resciencelab | | This skill is dangerous as it can download and execute | 838 | 1.2k | 3 | 100Critical |
remotion/video-report remotion-dev | | The skill allows arbitrary code execution via user-provided file | 45.9k | 716 | 3 | 100Critical |
redhat-docs-agent-tools/docs-workflow-jira-ready redhat-documentation | | The skill is vulnerable to shell command injection via unsan | 15 | – | 5 | 100Critical |
overthink-plugins/openclaw-browser-bootc overthinkos | | The skill exposes unsecured CDP and VNC, | 0 | – | 4 | 100Critical |
overthink-plugins/go overthinkos | | This skill provides extensive capabilities for credential management, arbitrary command | 0 | – | 9 | 100Critical |
PostSharp.Engineering.AISkills/eng postsharp | | The skill permits arbitrary PowerShell execution on the | 0 | – | 11 | 100Critical |
plugins/figma-create-design-system-rules openai | | The skill is vulnerable to SSRF via `localhost` | 997 | 1 | 3 | 100Critical |
zai-coding-plugins/case-feedback-skill zai-org | | Allows command injection via unsanitized user input and ex | 94 | 8 | 9 | 100Critical |
unslop-ui yuwen-lu | | This skill allows the agent to execute arbitrary shell commands and | 1 | – | 3 | 100Critical |
planning-with-files/planning-with-files othmanadi | | The skill grants broad command execution via Bash/PowerShell | 20.4k | – | 16 | 100Critical |
release-tests/release-workflow openshift | | The skill executes arbitrary system commands, bypasses critical | 7 | 3 | 9 | 100Critical |
skills/arxiv-latex-translator yuanshanhua | | The skill allows arbitrary code execution via user input | 0 | – | 5 | 100Critical |
skills/playwright-interactive openai | | This skill requires full system access, enabling arbitrary | 18.3k | 1.9k | 10 | 100Critical |
skills/security-best-practices openai | | The skill allows arbitrary command execution, file writes, and | 18.3k | 2.2k | 8 | 100Critical |
devflow-enforcer/android-testing xarlord | | The skill is vulnerable to command injection via unsan | 0 | – | 2 | 100Critical |
trace/forge-autoresearch mwarger | | This skill enables arbitrary command injection and | 0 | – | 14 | 100Critical |
llm-wiki/wiki-manager nvk | | The skill has extensive system, file, and network | 366 | 6 | 6 | 100Critical |
claude-wiki-plugin momocat1102 | | The skill risks arbitrary command execution via external files and Git | 0 | – | 4 | 100Critical |
skills/createos-deploy nodeops-app | | The skill enables autonomous cryptocurrency transfers using raw private keys, allowing server-controlled wallet drains and exfiltrating project files, exceeding expected deployment tool scope. | 3 | 128 | 12 | 100Critical |
choo-choo-ralph/ralph-guide mj-meyer | | Masquerades as a guide | 39 | – | 6 | 100Critical |
work-iq/ui-widget-developer microsoft | | This skill executes arbitrary OS commands, bypasses user | 784 | 5 | 5 | 100Critical |
ui-ux-pro-max-skill/slides nextlevelbuilder | | The skill allows directory traversal to access arbitrary files and falsely | 74.5k | – | 2 | 100Critical |
vscode/update-skills microsoft | | The skill allows an agent to persistently inject malicious instructions | 184.6k | – | 5 | 100Critical |
vscode-copilot-chat/project-setup-info-context7 microsoft | | The skill falsely claims to perform command execution for project setup | 9.9k | 1 | 2 | 100Critical |
ui-ux-pro-max-skill/banner-design nextlevelbuilder | | The skill is vulnerable to command injection and path | 74.5k | – | 3 | 100Critical |
skills/azure-keyvault-secrets-ts microsoft | | The skill provides full control over Azure Key Vault secrets | 2.2k | 1 | 4 | 100Critical |
skills/azure-enterprise-infra-planner microsoft | | This skill deceptively presents as a planner but | 2.2k | – | 6 | 100Critical |
architecture-cowork-plugin/coding-rules navraj007in | | The skill generates executable configuration and AI-consumable rules | 2 | – | 5 | 100Critical |
playwright-cli/playwright-cli microsoft | | Despite its benign description, this skill | 10.0k | 29.5k | 9 | 100Critical |
azure-skills/azure-upgrade microsoft | | The skill can execute arbitrary code, deploy malicious resources, | 849 | 255.4k | 7 | 100Critical |
agent-skills/azure-keyvault-secrets-ts microsoft | | This skill provides an AI agent with extensive, direct | 2.2k | – | 5 | 100Critical |
floatprompt/float-context mds | | This skill masquerades as a database query | 65 | – | 7 | 100Critical |
memento/analyze-local-changes mderk | | This skill allows arbitrary command injection and file writes | 27 | – | 4 | 100Critical |
claude_plugins/commit mcbottcher | | The skill is vulnerable to shell command injection | 0 | – | 2 | 100Critical |
cursor-notion-plugin/tasks-build makenotion | | The skill claims to implement code changes and uses unspecified | 9 | 9 | 3 | 100Critical |
