Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Agent Reach Local
v1.0.0
Give your AI agent eyes to see the entire internet. 7500+ GitHub stars. Search and read 14 platforms: Twitter/X, Reddit, YouTube, GitHub, Bilibili, XiaoHongS...
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The skill claims 'one command install' and 'zero config for 8 channels' and declares no required binaries or env vars, but the SKILL.md repeatedly instructs using many external tools (yt-dlp, gh, mcporter, xreach, python packages like miku_ai, feedparser, undici npm, Camoufox) and browser cookies. These runtime dependencies and credential needs are not declared in the metadata and are disproportionate to the 'no requirements' claim.
Instruction Scope
Instructions tell the agent to fetch arbitrary URLs via r.jina.ai, run command-line tools, call mcporter commands, run Python scripts that bypass anti-bot (Camoufox), and prompt the user to provide cookies for login-capable channels. That means the agent would be asked to read/store credentials and send content to third-party proxies — behavior broader than a simple 'read web' skill and not explicitly limited or disclosed in metadata.
Install Mechanism
No install spec is provided in the registry, yet the SKILL.md references 'one command install', links to a GitHub raw install.md, and instructs installing tools (npm undici, gh, yt-dlp, etc.). The absence of a packaged or reviewed install mechanism combined with instructions to fetch and run upstream tools is an incoherence and increases risk because installation would require manual steps that execute external code.
Credentials
Metadata declares no required env vars or credentials, but the instructions explicitly require user cookies, may ask for proxy URLs, and involve tools that need authentication for many platforms. Asking for session cookies (browser export) is sensitive and not represented in requires.env; this is disproportionate and risky without clear justification or safeguards.
Persistence & Privilege
The skill does not set always:true and is not force-installed, but SKILL.md instructs using ~/.agent-reach for persistent data and warns against the agent workspace. That implies storing credentials and state on disk under the user's home directory — a legitimate design choice but one that raises persistence and credential storage concerns which the metadata does not disclose.
Scan Findings in Context
[no-code-scan] expected: The regex-based scanner found no code files to analyze because this is instruction-only (SKILL.md). That explains the lack of code findings but means the security surface is entirely the prose instructions.
What to consider before installing
This skill's instructions require many command-line tools, third-party proxies (r.jina.ai), and user-provided cookies/credentials even though the registry metadata claims no requirements. Before installing or using it: (1) review the upstream GitHub install docs and any install scripts line-by-line; (2) do not paste full browser session cookies or long-lived tokens into chat — prefer read-only API tokens or temporary credentials where possible; (3) be aware that using r.jina.ai or similar proxies sends requested URLs and potentially scraped content to a third party; (4) if you must test, run installs and commands in an isolated environment (container or VM) and inspect ~/.agent-reach before trusting it with credentials; (5) consider disabling autonomous invocation for this skill until you’ve validated the install and credential handling. If you want, I can list the exact tools and sensitive inputs the SKILL.md uses so you can decide which to allow or block.
Like a lobster shell, security has layers — review code before you run it.
