Skill v1.0.0
ClawScan security
Edison Agent Reach · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 7, 2026, 1:42 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The instructions expect many third‑party CLIs, browser cookies, proxy/configuration, and code from external URLs but the skill metadata declares no binaries, installs, credentials, or config paths — the pieces don't line up and you should be cautious before using it or giving it cookies/credentials.
- Guidance: This skill is an instruction-only wrapper that assumes many external tools, browser cookies, and downloadable scripts but the metadata doesn't declare those requirements. Before installing or using it: (1) do not share raw browser cookies or session tokens unless you fully trust the code — cookies allow account access and should be avoided or replaced with scoped API tokens; (2) ask the skill author or registry for a full install manifest (what binaries are required, what exact files are written under ~/.agent-reach, and what network endpoints are contacted); (3) inspect the linked GitHub install guide and any scripts it would run before executing them — treat raw GitHub URLs as executable code; (4) run any setup in an isolated/sandboxed environment if you must test it; (5) prefer skills that explicitly declare required binaries, config paths, and credentials. If you want help reviewing the referenced install guide or the GitHub repo contents, provide the URLs and I can summarize the files to help you decide.
Review Dimensions
- Purpose & Capability (concern): The skill claims to 'use the internet' across 13+ platforms and its SKILL.md contains commands for many tools (agent-reach, mcporter, xreach, yt-dlp, gh, gh CLI, undici, Camoufox scripts, etc.) and expects persistent data under ~/.agent-reach. Yet the registry metadata lists no required binaries, no required config paths, and no credentials. That is inconsistent: a skill that needs those tools and storage should declare them (or provide an install spec).
- Instruction Scope (concern): The SKILL.md tells the agent to run commands that fetch web content, run local Python scripts (e.g. Camoufox under ~/.agent-reach/tools), import browser cookies, configure proxies, and use tools that bypass anti-bot protections. It also instructs ‘User only provides cookies. Everything else is your job.’ These instructions go beyond just 'read a URL' — they direct use of browser session cookies and third‑party scripts, and to persist data under the user's home directory. The metadata does not disclose these behaviours.
- Install Mechanism (concern): There is no formal install specification in the registry, but the SKILL.md refers to an external raw GitHub URL (https://raw.githubusercontent.com/...) for the install guide and expects tools like agent-reach/mcporter to be present. That means the agent or operator may be asked to download and run code from external sources at runtime even though no install policy is declared — a higher-risk pattern and an incoherence with the 'no install' metadata.
- Credentials (concern): The skill does not declare any required environment variables or primary credential, but it explicitly expects browser cookies (sensitive session credentials), recommends importing cookies via Cookie-Editor, and may ask you to configure proxies or install npm packages (undici). Requesting raw cookies is high-risk and should be declared up front; the lack of declared credentials is inconsistent and disproportionate.
- Persistence & Privilege (note): always:false (normal) and the skill can be invoked by the agent. The SKILL.md asks to store persistent data under ~/.agent-reach and run tools from there; writing to its own directory is normal for a tool, but the skill did not declare required config paths. This matters because downloaded scripts and persisted cookies under a home directory can be reused later.
