Agent Reach
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: skill-9
Version: 0.1.0

The skill bundle installs a management toolset from a remote GitHub repository (Panniantong/agent-reach) to enable agent access to various social media platforms. It includes high-risk capabilities such as automated extraction of session cookies from local browsers (`--from-browser chrome`) and instructions for the agent to handle sensitive authentication tokens for platforms like Twitter and LinkedIn. While these features are functionally relevant to the stated goal of platform integration, the combination of remote code execution during setup and the handling of sensitive browser data presents a significant security risk.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing it could execute third-party code that changes over time and install dependencies that were not reviewed in this skill package.
The skill directs installation from an unpinned GitHub main-branch archive and then runs an auto-installer for multiple tools, while the registry provides no install spec or code files to review.
pip install https://github.com/Panniantong/agent-reach/archive/main.zip
agent-reach install --env=auto
... `install` auto-detects your environment and installs core dependencies
Only install after reviewing the upstream repository; prefer a pinned release or hash, run in a sandbox, and avoid automatic setup on sensitive machines.
The agent or installed tools may be able to act as the user on logged-in platforms, and exposed cookies can put accounts at risk.
The skill asks for live session cookies and offers automatic extraction from a local browser; those cookies can grant account access, but the artifacts do not clearly bound which sessions are extracted, how they are protected, or how to revoke them.
agent-reach configure twitter-cookies "auth_token=xxx; ct0=yyy"
agent-reach configure --from-browser chrome # auto-extract cookies from local browser
Use dedicated low-privilege accounts, avoid giving main-account cookies, do not use browser-wide extraction unless you understand its scope, and revoke/clear cookies after use.
If used carelessly, the agent could make public posts or other account actions through authenticated platform tools.
The skill encourages direct upstream tool use and documents account-mutating public posting commands, without visible confirmation, scope, or rollback guidance.
After setup, call the upstream tools directly — no wrapper layer.
...
mcporter call 'xiaohongshu.publish_content(title: "标题", content: "正文", images: ["/path/to/img.jpg"], tags: ["美食"])'
Require explicit user confirmation before any posting, commenting, liking, uploading, or account-changing action, and keep read-only workflows separate from write-capable tools.
Tools, services, and credentials may remain on the machine after the initial setup task.
The skill discloses persistent tool/config locations and may start services during setup; this appears purpose-aligned, but there is no visible stop, cleanup, or credential-removal guidance.
Execute what you can automatically (install packages, start services)
...
Upstream tool repos | `~/.agent-reach/tools/`
Config & tokens | `~/.agent-reach/`
Ask for confirmation before starting services and document how to stop services and remove ~/.agent-reach credentials when no longer needed.
