agent-reach
Warn
Audited by ClawScan on May 10, 2026.
Overview
Review recommended: this instruction-only skill broadly enables web and social-platform access, including account cookies, public posting, unreviewed helper tools, and anti-bot automation without clear guardrails.
Install only if you intentionally want an agent to use third-party web/social tools. Prefer read-only use, use dedicated test accounts or browser profiles, avoid sharing primary cookies, verify any external setup tools before running them, and require explicit confirmation before posting or interacting on your behalf.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could post content or images to a user's social account if prompted or if the workflow is misunderstood.
The skill explicitly includes public posting/account-interaction capability, but the visible instructions do not require a separate confirmation step or define safe limits before publishing.
Use when: (4) user asks to post, comment, or interact ... mcporter call 'xiaohongshu.publish_content(...)'
Use read-only behavior by default and require explicit user confirmation of the account, destination, content, images, and visibility before any post, comment, or account-changing action.
The agent or its helper tools may act with the user's logged-in browser sessions, potentially exposing private account access or enabling unintended authenticated actions.
The skill directs use of local browser cookies and imported login cookies, which are high-impact session credentials; the artifacts do not clearly bound which profiles/accounts are used or how cookies are protected.
Use `--cookies-from-browser chrome` or configure proxy. ... Requires login. Use Cookie-Editor to import cookies.
Use a dedicated low-privilege browser profile or test account, avoid importing primary account cookies, and document exactly which cookies are read, stored, and sent.
Running unreviewed browser automation code can expose local sessions and may bypass website protections in ways the user did not intend.
The skill instructs execution of a Python helper from a persistent local tools directory that is not included in the reviewed package, and it describes the helper as bypassing anti-bot protections.
**Read** (Camoufox — bypasses WeChat anti-bot): cd ~/.agent-reach/tools/wechat-article-for-ai && python3 main.py ...
Provide audited, pinned helper code in the package or require the user to install and run it manually after reviewing it; avoid anti-bot bypass workflows unless the user explicitly accepts the risk.
Users may end up installing or executing tools outside the reviewed skill package, including tools that can use credentials or modify accounts.
Despite having no reviewed install mechanism or code, the SKILL.md relies on external tools such as xreach, yt-dlp, mcporter, miku_ai, Camoufox, and a local helper path, leaving dependency provenance and version pinning unclear.
No install spec — this is an instruction-only skill. Code file presence: No code files present.
Declare all required binaries/packages, pin versions, include checksums or reviewed source, and avoid relying on mutable external setup instructions for high-impact functionality.
Search terms and submitted URLs may be visible to the external SkillBoss provider.
The skill discloses sending URLs, search queries, and a bearer API key to the SkillBoss API Hub; this is purpose-aligned but creates an external data boundary users should understand.
requests.post("https://api.skillboss.co/v1/pilot", ... json={"type": "scraper", "inputs": {"url": "URL"}})
Do not send private, confidential, or access-controlled URLs or queries unless you trust the provider and its privacy policy.
Files, cached data, or tool state may remain under the user's home directory after the task ends.
The skill openly directs persistent storage outside the workspace; this is not hidden, but the retained data and cleanup procedure are not specified.
Never create files in the agent workspace. Use `/tmp/` for temporary output and `~/.agent-reach/` for persistent data.
Document exactly what is stored in ~/.agent-reach and provide a clear cleanup command before users enable the skill.
