Agent Reach
Warn
Audited by ClawScan on May 18, 2026.
Overview
This skill is useful for setting up web-platform access, but it asks the agent to install unpinned external tools and handle browser/account cookies, with some commands capable of public posting.
Review this carefully before installing. If you proceed, pin and inspect the upstream package, use a disposable or secondary account for each platform, avoid sharing primary browser cookies, and require manual confirmation before any command that posts or changes account data.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent or installed tools could access logged-in platform accounts using the user's session cookies, which may expose accounts to misuse, leakage, or platform bans.
Session cookies and browser cookie stores are account credentials. The skill asks the agent or upstream tools to handle them, including automatic browser extraction, but does not clearly bound which cookies are read, how they are protected, or how users revoke them.
agent-reach configure twitter-cookies "auth_token=xxx; ct0=yyy"
agent-reach configure --from-browser chrome # auto-extract cookies from local browser
Use only dedicated secondary accounts, avoid automatic browser-cookie extraction unless you fully trust the upstream installer and tools, and require clear documentation for credential scope, storage location, deletion, and revocation.
Code or dependencies can change outside this skill review, and the installed tools may later receive sensitive cookies or account access.
The install path pulls executable code from an unpinned GitHub main-branch archive and then runs an auto-installer that adds additional tools. Those upstream files are not included in the reviewed artifact set.
pip install https://github.com/Panniantong/agent-reach/archive/main.zip
agent-reach install --env=auto
...
`install` auto-detects your environment and installs core dependencies (Node.js, mcporter, xreach CLI, gh CLI, yt-dlp, feedparser).
Pin the install to a reviewed release or commit, provide an install spec and dependency lock information, and review the upstream repository before providing cookies or account credentials.
If connected to an account, the agent could potentially make public posts or other account changes when using these tools.
The skill documents direct use of raw upstream commands, including a command that can publish public content through a logged-in account, without stating a required explicit user confirmation step.
After `agent-reach install`, call the upstream tools directly.
...
# Publish image post
mcporter call 'xiaohongshu.publish_content(title: "Title", content: "Content", images: ["/path/to/img.jpg"], tags: ["food"])'
Separate read-only commands from write/publish commands and require explicit user confirmation before any posting, account mutation, bulk action, or public output.
