Agent Reach Local

Security checks across malware telemetry and agentic risk

Overview

This skill appears to support social-platform research and posting, but it asks for account cookies, persistent local state, broad activation, and anti-bot evasion guidance that need review before use.

Install only after reviewing whether you are comfortable giving this skill access to social-platform cookies and live account actions. Use a dedicated account or browser profile, avoid storing raw cookies where possible, require explicit confirmation before any post/comment/publish action, and do not use the anti-bot bypass workflow on services where it violates terms or account rules.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
The skill explicitly authorizes persistent storage in ~/.agent-reach/ and later instructs users to provide cookies for channel setup. For a search/read skill, retaining browser-derived session material and other platform state expands the data-handling scope and creates credential exposure and session persistence risk if the agent host is compromised or if cleanup is not enforced.

Context-Inappropriate Capability

High
Confidence: 95%
Finding
The WeChat section directs use of Camoufox specifically to bypass anti-bot protections. Anti-bot evasion materially increases legal, policy, and operational risk and goes beyond normal read/search behavior by encouraging stealth access to protected content paths.

Vague Triggers

Medium
Confidence: 84%
Finding
The trigger phrases are extremely broad, including generic requests like 'search online', 'research', and common Chinese equivalents. This can cause the skill to activate in many ordinary conversations and unexpectedly invoke external network access or platform tooling without the user understanding the scope.

Missing User Warnings

Medium
Confidence: 90%
Finding
The manifest says the skill can 'post, comment, or interact' on supported platforms but does not prominently warn about real external side effects. In an agent environment, that omission can lead to unintended actions on live user accounts, content publication, reputation damage, or policy violations.

Missing User Warnings

Medium
Confidence: 93%
Finding
The XiaoHongShu example includes a live publish_content call with title, body, images, and tags, but no warning that it performs a real account action. Demonstrating direct publishing in a general usage guide makes accidental posting more likely, especially when combined with broad triggers and setup guidance.

VirusTotal

62/62 vendors flagged this skill as clean.
