Web Scout
WarnAudited by ClawScan on May 10, 2026.
Overview
Web Scout matches its web-collection purpose, but it asks you to run unpinned third-party installers/MCP services and hand browser session cookies to the agent, so it needs careful review.
Install only if you are comfortable reviewing and running third-party code from GitHub, Docker images, and MCP servers. Use --dry-run or --safe first, isolate the environment, avoid main-account cookies, and treat any browser cookie string as a password-equivalent secret.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A compromised or changed upstream package or container could run code on the user's machine or alter the agent's tool environment.
The skill directs installation from an unpinned GitHub branch archive, then a default automatic dependency installer, and also a third-party Docker image without a pinned digest. Those are significant supply-chain and provenance risks.
pip install https://github.com/Panniantong/agent-reach/archive/main.zip ... agent-reach install --env=auto ... docker run -d --name xiaohongshu-mcp ... xpzouying/xiaohongshu-mcp
Review Agent Reach and the referenced MCP/container projects first, pin to trusted commits or image digests, use --dry-run/--safe before installing, and prefer an isolated virtual environment or container.
If the cookie is exposed, logged, mishandled, or used beyond the intended task, someone or some tool may be able to act as the user's social-platform account.
Browser cookie header strings are account session credentials. The skill asks the user to give them to the agent and persist them locally, while the registry metadata declares no primary credential.
Cookie 导出方法:浏览器登录平台 → 安装 Cookie-Editor ... Export → Header String → 发给 Agent。 ... agent-reach configure twitter-cookies "COOKIE_STRING" ... Cookie 只存本地 `~/.agent-reach/config.yaml`
Do not provide cookies for main accounts. Use throwaway or least-privilege accounts, avoid pasting cookies into shared chats, confirm exactly where they are stored, and revoke/logout sessions after use.
If allowed without review, the agent could run install, configuration, scraping, or maintenance commands that change the local environment.
The skill explicitly requires shell execution and provides many command examples. This is central to the web-collection purpose, but it gives the agent a powerful local execution path.
metadata:\n openclaw:\n requires:\n tools: [exec]
Require user confirmation for install/configuration commands, inspect commands before execution, and run them in a restricted environment where possible.
Queries, platform identifiers, or account-backed requests may be sent to MCP services whose behavior is not reviewed in this artifact.
The skill routes agent actions through MCP services and localhost endpoints. That is purpose-aligned, but the artifact does not describe the identity, trust boundary, or data handling of those MCP servers.
mcporter config add xiaohongshu http://localhost:18060/mcp ... Exa (MCP) ... douyin-mcp-server ... linkedin-mcp ... mcp-bosszp
Use only trusted MCP servers, keep localhost services private, avoid sending sensitive data unless necessary, and review each MCP server's code and configuration.
A scheduled watcher may keep running after the initial setup and continue checking or maintaining the tool environment.
The skill documents a watch command suitable for scheduled tasks. It is disclosed and user-directed, but it could create long-running behavior if the user schedules it.
健康检查(适合定时任务):\n```bash\nagent-reach watch\n```
Only schedule the watch command intentionally, document where it is configured, and remove the scheduled task if you no longer need it.