Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Moss Skill-9

v1.0.0

Give your AI agent eyes to see the entire internet. Install and configure upstream tools for Twitter/X, Reddit, YouTube, GitHub, Bilibili, XiaoHongShu, Douyi...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (give the agent access to many platforms) aligns with the instructions to install 'agent-reach' and upstream CLIs (yt-dlp, mcporter, xreach, etc.). Installing Node.js, yt-dlp, and platform CLIs is proportionate. However, the install source is a GitHub main.zip (not an official release), which is less verifiable than a published release or known package.
! Instruction Scope
Runtime instructions explicitly tell the agent to obtain and use sensitive browser cookies (via Cookie-Editor or auto-extraction with `--from-browser chrome`) and to configure proxies and API keys. Those actions involve collecting highly sensitive secrets and accessing local browser state; the SKILL.md does not declare or justify these secrets in the registry metadata. It also instructs executing arbitrary installer commands which will run on the host.
Install Mechanism
The registry has no formal install spec, but the instructions tell the user to run `pip install https://github.com/.../archive/main.zip` (the repository's main branch archive). Installing directly from a repo main branch is common but riskier than installing a signed/released package or official distribution. The tool then installs/depends on multiple runtimes (Node.js, gh CLI, yt-dlp, etc.), which is plausible for the stated purpose but increases the attack surface.
! Credentials
The skill declares no required env vars, yet the instructions ask for browser cookies, recommend providing proxy credentials, and reference API keys (truncated mentions of an 'API Key' for an AI/extraction step). Requesting cookies and other secrets is consistent with enabling auth for platforms, but these sensitive inputs are not declared in metadata — users should not paste session cookies for primary accounts and should understand the sensitivity.
Persistence & Privilege
The skill is not always-enabled and does not request special platform-wide privileges, but it instructs installing tools and writing configs to ~/.agent-reach (persistent on the host). That is expected for a channel-installer but means the installed tools and saved tokens/cookies will persist on disk and could be reused by the agent or other processes.
What to consider before installing
This skill appears to do what it says (install tooling to access many platforms), but it requires highly sensitive data (browser cookies, proxy credentials, API keys) and tells you to install code from an unverified GitHub main.zip. Before installing:
(1) inspect the upstream repository and prefer an official release or vetted package;
(2) avoid pasting cookies from your main accounts — use disposable/test accounts;
(3) if you must let the tool read your browser, only run it on a machine you control and understand it will access browser cookies;
(4) consider running the installer in an isolated VM/container;
(5) review where ~/.agent-reach stores tokens and remove them when done.
