Agent Reach

Suspicious

Audited by ClawScan on May 10, 2026.

Overview

This skill is a broad social-platform installer that asks the agent to run unpinned remote setup code and handle browser cookies/session credentials.

Install only if you trust and have reviewed the upstream Agent Reach project. Prefer a sandbox, pinned versions, and dedicated platform accounts. Do not provide main-account browser cookies unless you understand the risk, and require explicit confirmation before any action that posts, uploads, or changes account state.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing it could execute third-party code that can change between installs, and install dependencies that were not reviewed in this skill package.

Why it was flagged

The skill directs installation from an unpinned GitHub main-branch archive and then runs an auto-installer for multiple tools, while the registry provides no install spec or code files to review.

Skill content
pip install https://github.com/Panniantong/agent-reach/archive/main.zip
agent-reach install --env=auto
...
`install` auto-detects your environment and installs core dependencies

Recommendation

Only install after reviewing the upstream repository; prefer a pinned release or hash, run in a sandbox, and avoid automatic setup on sensitive machines.

What this means

The agent or installed tools may be able to act as the user on logged-in platforms, and exposed cookies can put accounts at risk.

Why it was flagged

The skill asks for live session cookies and offers automatic extraction from a local browser; those cookies can grant account access, but the artifacts do not clearly bound which sessions are extracted, how they are protected, or how to revoke them.

Skill content
agent-reach configure twitter-cookies "auth_token=xxx; ct0=yyy"
agent-reach configure --from-browser chrome    # auto-extract cookies from local browser

Recommendation

Use dedicated low-privilege accounts, avoid giving main-account cookies, do not use browser-wide extraction unless you understand its scope, and revoke/clear cookies after use.

What this means

If used carelessly, the agent could make public posts or other account actions through authenticated platform tools.

Why it was flagged

The skill encourages direct upstream tool use and documents account-mutating public posting commands, without visible confirmation, scope, or rollback guidance.

Skill content
After setup, call the upstream tools directly — no wrapper layer.
...
mcporter call 'xiaohongshu.publish_content(title: "标题", content: "正文", images: ["/path/to/img.jpg"], tags: ["美食"])'

Recommendation

Require explicit user confirmation before any posting, commenting, liking, uploading, or account-changing action, and keep read-only workflows separate from write-capable tools.

Note, Medium Confidence
ASI10: Rogue Agents

What this means

Tools, services, and credentials may remain on the machine after the initial setup task.

Why it was flagged

The skill discloses persistent tool/config locations and may start services during setup; this appears purpose-aligned, but there is no visible stop, cleanup, or credential-removal guidance.

Skill content
Execute what you can automatically (install packages, start services)
...
Upstream tool repos | `~/.agent-reach/tools/`
Config & tokens | `~/.agent-reach/`

Recommendation

Ask for confirmation before starting services and document how to stop services and remove ~/.agent-reach credentials when no longer needed.