Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Agent Reach
v0.1.0Give your AI agent eyes to see the entire internet. Install and configure upstream tools for Twitter/X, Reddit, YouTube, GitHub, Bilibili, XiaoHongShu, Douyi...
⭐ 8· 1.7k·10 current·13 all-time
by@ma-star
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (install/configure upstream platform tools) matches the SKILL.md actions: installing an 'agent-reach' installer, tooling like xreach, mcporter, yt-dlp, and guiding cookie/proxy configuration. However, the skill's metadata declares no required env vars or config paths even though the instructions will store tokens/config under ~/.agent-reach and read browser cookies — a proportionality mismatch.
Instruction Scope
SKILL.md instructs the agent to collect and accept raw authentication cookies (paste 'Header String') and to optionally auto-extract cookies from a local browser ('--from-browser chrome'), which implies reading local browser storage. It also directs installing and running upstream CLIs and writing persistent config under ~/.agent-reach. These are sensitive operations (cookie/token collection, local file access) not declared in the skill metadata and grant broad access to user accounts.
Install Mechanism
There is no install spec in the registry, but the runtime instructions tell users to run pip install against a GitHub archive URL (main.zip). Installing from an unpinned branch/archive pulls arbitrary code that may change; the installer then pulls/sets up many third-party tools. This is higher risk than using a pinned release or reviewing the package beforehand.
Credentials
The registry lists no required credentials, yet the instructions require sensitive data (session cookies, proxy credentials, 'API Key' for third-party services) and store them under ~/.agent-reach. Asking users to paste cookie header strings or enabling browser cookie extraction is a direct request for secrets that is not reflected in metadata and increases the chance of accidental credential exposure.
Persistence & Privilege
The skill will create files and persistent configs under ~/.agent-reach and /tmp per the instructions. always:false (default) is appropriate, but persistent storage of credentials combined with autonomous agent invocation (default allowed) raises risk: stored secrets could be reused or accessed later. The skill does not declare these config paths in metadata.
What to consider before installing
This skill appears to do what it claims (set up many platform access tools), but it asks for high-risk actions that you should not do lightly. Before installing or running it: (1) do not paste real primary-account cookies — use a dedicated throwaway account if you must test; (2) avoid the '--from-browser' auto-extract option unless you run the installer locally and trust the codebase; (3) prefer OAuth/API tokens scoped minimally rather than raw session cookies; (4) do not pip install unpinned archives from main branches without reviewing the repository; ask the author for a pinned release or a reproducible install spec and review the code in https://github.com/Panniantong/agent-reach if possible; (5) expect the tool to write persistent credentials under ~/.agent-reach — inspect and securely delete/revoke them if needed; (6) consider running this in an isolated VM/container and revoke any cookies/tokens after use. The registry metadata not declaring required credentials or config paths is a red flag — request clarification from the publisher before proceeding.Like a lobster shell, security has layers — review code before you run it.
latestvk973s7y9g65a9t2wf23ksk8w6982ajgk
License
MIT-0
Free to use, modify, and redistribute. No attribution required.