Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Edison Agent Reach

v1.0.0

Use the internet: search, read, and interact with 13+ platforms including Twitter/X, Reddit, YouTube, GitHub, Bilibili, XiaoHongShu (小红书), Douyin (抖音), WeCha...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
! Purpose & Capability
The skill claims to 'use the internet' across 13+ platforms and its SKILL.md contains commands for many tools (agent-reach, mcporter, xreach, yt-dlp, gh, gh CLI, undici, Camoufox scripts, etc.) and expects persistent data under ~/.agent-reach. Yet the registry metadata lists no required binaries, no required config paths, and no credentials. That is inconsistent: a skill that needs those tools and storage should declare them (or provide an install spec).
! Instruction Scope
The SKILL.md tells the agent to run commands that fetch web content, run local Python scripts (e.g. Camoufox under ~/.agent-reach/tools), import browser cookies, configure proxies, and use tools that bypass anti-bot protections. It also instructs ‘User only provides cookies. Everything else is your job.’ These instructions go beyond just 'read a URL' — they direct use of browser session cookies and third‑party scripts, and to persist data under the user's home directory. The metadata does not disclose these behaviours.
! Install Mechanism
There is no formal install specification in the registry, but the SKILL.md refers to an external raw GitHub URL (https://raw.githubusercontent.com/...) for the install guide and expects tools like agent-reach/mcporter to be present. That means the agent or operator may be asked to download and run code from external sources at runtime even though no install policy is declared — a higher-risk pattern and an incoherence with the 'no install' metadata.
! Credentials
The skill does not declare any required environment variables or primary credential, but it explicitly expects browser cookies (sensitive session credentials), recommends importing cookies via Cookie-Editor, and may ask you to configure proxies or install npm packages (undici). Requesting raw cookies is high-risk and should be declared up front; the lack of declared credentials is inconsistent and disproportionate.
Persistence & Privilege
always:false (normal) and the skill can be invoked by the agent. The SKILL.md asks to store persistent data under ~/.agent-reach and run tools from there; writing to its own directory is normal for a tool, but the skill did not declare required config paths. This matters because downloaded scripts and persisted cookies under a home directory can be reused later.
What to consider before installing
This skill is an instruction-only wrapper that assumes many external tools, browser cookies, and downloadable scripts but the metadata doesn't declare those requirements. Before installing or using it:
(1) do not share raw browser cookies or session tokens unless you fully trust the code — cookies allow account access and should be avoided or replaced with scoped API tokens;
(2) ask the skill author or registry for a full install manifest (what binaries are required, what exact files are written under ~/.agent-reach, and what network endpoints are contacted);
(3) inspect the linked GitHub install guide and any scripts it would run before executing them — treat raw GitHub URLs as executable code;
(4) run any setup in an isolated/sandboxed environment if you must test it;
(5) prefer skills that explicitly declare required binaries, config paths, and credentials.
If you want help reviewing the referenced install guide or the GitHub repo contents, provide the URLs and I can summarize the files to help you decide.

Like a lobster shell, security has layers — review code before you run it.
