Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Web Scout
v1.0.0给 AI Agent 一键装上全网采集能力。基于 Agent Reach,支持 Twitter/X、Reddit、YouTube、B站、小红书、抖音、GitHub、LinkedIn、Boss直聘、RSS、全网搜索等平台。一条命令安装,零 API 费用。
⭐ 6· 740·9 current·9 all-time
by子豪@aizain
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The described purpose (web data collection) legitimately requires platform credentials, CLI tools, and possibly Docker/MCP services. However, the registry metadata lists no required binaries, no environment variables, and no config paths even though the instructions clearly depend on many external tools (pip, gh CLI, yt-dlp, docker, mcporter/mcporter-related services, Docker images) and credentials (browser cookies, login sessions). This mismatch is incoherent — either the metadata is incomplete or the skill is hiding required capabilities.
Instruction Scope
SKILL.md directs the user/agent to: pip install a GitHub main.zip (arbitrary code), run agent-reach install which auto-installs many dependencies, launch Docker containers, configure proxies, and import/export browser cookies (with the explicit instruction to '发给 Agent' — send cookie header string to the agent). It also instructs storing cookies in ~/.agent-reach/config.yaml. These instructions go beyond a simple helper: they require installation of third-party software, user secrets, and starting services on the host.
Install Mechanism
Install is done via pip install of a GitHub archive (https://github.com/.../archive/main.zip). Installing from an unpinned main branch zip can execute arbitrary and changing code and is higher risk than using a pinned release or vetted package. There is no install.spec in the registry (instruction-only), so installing this skill requires running network downloads and package installs outside the registry's control.
Credentials
Although the skill metadata declares no required credentials, the runtime instructions require sensitive secrets: exported browser cookie strings for Twitter/X and Xiaohongshu, logins for GitHub/LinkedIn, proxy credentials, and potentially Docker image network access. The skill claims cookies are stored locally with file perms 600, but asking users to export and send cookie header strings to an agent expands the attack surface and is not justified by the metadata.
Persistence & Privilege
The skill does not request 'always: true' and does not claim elevated platform privileges. It suggests using agent-reach watch for health checks and has commands to run and uninstall. Autonomous invocation remains possible (platform default) but is not uniquely elevated by this skill. Still, an installed agent-reach tool that can run periodic tasks and hold cookies increases long-term exposure if installed without isolation.
What to consider before installing
This skill is suspicious because its runtime steps require many tools and sensitive credentials that are not declared in the metadata. Before installing: 1) Inspect the GitHub repo (prefer a pinned release/tag, not main.zip) and review the code you will pip-install. 2) Run any install inside an isolated environment (VM or container) and use a Python venv; avoid installing directly on a production host. 3) Use --dry-run or --safe modes first to see what would be installed. 4) Never paste your primary account cookies/API keys into an agent; use throwaway/test accounts if you must provide cookies, and verify where and how they are stored (~/.agent-reach/config.yaml). 5) Verify any Docker images (e.g., xpzouying/xiaohongshu-mcp) on Docker Hub and prefer self-hosted audited alternatives. 6) Require the publisher to update the skill metadata to list required binaries and secrets; if they cannot justify the missing declarations, avoid installing. If you want, I can produce a short checklist of specific files/commands to audit in the referenced repo before you proceed.Like a lobster shell, security has layers — review code before you run it.
latestvk97e63s6desxwx1na9gh4x1ry581yxj2
License
MIT-0
Free to use, modify, and redistribute. No attribution required.