Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Agent Reach
v1.1.0 · Give your AI agent eyes to see the entire internet. Install and configure upstream tools for Twitter/X, Reddit, YouTube, GitHub, Bilibili, XiaoHongShu, Douyi...
by Never (@neverchenx)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (medium confidence)

Purpose & Capability
The skill's name/description (provide access to many platforms) aligns with the actions described (install platform CLIs, configure channels, use yt-dlp, xreach, mcporter, etc.). Requesting Node.js, yt-dlp, gh, and other tooling is proportionate to the aggregator role. However, the skill does not declare any credentials in the registry metadata while its runtime instructions clearly require handing over sensitive session cookies and tokens — a mismatch worth flagging.
Instruction Scope
SKILL.md explicitly instructs the agent/user to export full cookie 'Header String' from a browser extension or use automatic cookie extraction (--from-browser chrome) and then send those cookie strings to the Agent. That is effectively giving the agent account authentication material for many services. The instructions also encourage running commands that will write configs and tokens under ~/.agent-reach and using proxies with potentially embedded credentials. Asking users to paste or allowing automatic extraction of browser cookies is broad and sensitive and is not limited/scoped or constrained in the skill metadata.
Install Mechanism
There is no formal install spec in the registry, but SKILL.md tells users to pip install a GitHub archive URL (github.com/Panniantong/agent-reach/archive/main.zip) which will execute arbitrary Python package installation on the user's machine. Using a direct GitHub zip is common but higher-risk than installing a vetted package from an official registry; the skill also instructs installing multiple external tools (Node, yt-dlp, mcporter, xreach) which is expected for its purpose but increases the attack surface.
Credentials
The registry lists no required credentials, yet the instructions rely heavily on users providing session cookies and tokens (via Cookie-Editor export or automatic extraction). Sensitive data transfer is surfaced only in SKILL.md text, not as declared required env vars or a primary credential. This disconnect makes it hard for users to audit what secrets the skill will handle and how they'll be stored or protected.
Persistence & Privilege
The skill does not request 'always: true' and is user-invocable (normal). It instructs storing tool repos and config/tokens under ~/.agent-reach, which is consistent with its installer role but means long-lived credentials will be written to the user's home directory. The skill does not explain encryption, permissions, or secure storage of those secrets.
What to consider before installing
Proceed with caution. This skill legitimately needs tooling to read many sites, but it also asks you to provide full browser cookie/header strings (which can log you in as that user). Never paste cookies from a primary/personal account — use a dedicated secondary account. If possible, prefer OAuth tokens or API keys scoped to the minimum permissions instead of session cookies. Before running pip install from the GitHub zip, inspect the repository source and prefer installing inside an isolated environment (virtualenv, container). If using automatic cookie extraction, only do so on a personal/local machine you control and understand where ~/.agent-reach will store credentials; consider encrypting or restricting filesystem permissions. Finally, ask the skill author to (1) declare required credentials in the registry metadata, (2) explain storage/encryption of tokens, and (3) provide a vetted release (tagged GitHub release or published package) rather than an archive from main.
latest: vk972szxphj5vw6ph96b03ce49182z9b2
