Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Agent Reach
v1.1.0
Give your AI agent eyes to see the entire internet. 7500+ GitHub stars. Search and read 14 platforms: Twitter/X, Reddit, YouTube, GitHub, Bilibili, XiaoHongS...
⭐ 16 · 9.8k · 497 current · 517 all-time
by Pnant (@panniantong)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (multi-platform web reader) aligns with the commands and channels referenced (curl, yt-dlp, gh, mcporter, etc.). However, the skill does not declare that it needs authentication assets (cookies, xsec_token) or third-party proxies, even though many of its platform integrations explicitly require them. Asking the user for cookies/tokens for channels like XiaoHongShu and WeChat is consistent with the feature set, but those needs are not declared as required credentials.
Instruction Scope
SKILL.md instructs the agent to run many shell commands and to hand URLs/content off to external services (e.g., https://r.jina.ai/URL and raw.githubusercontent.com). It explicitly instructs the agent to use browser cookies and tokens and to run local Python tools under ~/.agent-reach (Camoufox, wechat-article-for-ai). These instructions let the agent collect and transmit sensitive authentication cookies/tokens and execute third-party code without an explicit install or trust step: a potential data-exfiltration and code-execution risk.
Install Mechanism
There is no install spec (the skill is instruction-only), which lowers direct install risk. But the guide presumes many external tools are already present or will be installed (yt-dlp, gh, mcporter, xreach, miku_ai, feedparser, undici/npm packages). Without an install spec it is unclear how those binaries get provisioned and whether the required code comes from trusted releases.
Credentials
Registry metadata lists no required env vars/credentials, yet the runtime instructions ask for cookies, xsec_token, proxy URLs, and possibly npm packages (undici) and other tokens. Requesting full browser cookies or session tokens is sensitive and is neither justified nor gated in the skill metadata; this mismatch increases the risk of accidental credential exposure.
Persistence & Privilege
The skill advises storing persistent data under ~/.agent-reach and temporary files in /tmp. While it is not marked always:true, this persistent location lets the skill (or the tools it runs) retain cookies, tokens, or downloaded code across runs. Giving the skill its own home directory, plus instructions to run local tools that may be downloaded later, raises persistence and surprise-execution risk.
What to consider before installing
This skill appears to be a coherent multi-platform web reader, but it asks you (implicitly) for sensitive cookies/tokens and to run many external tools and third-party proxies without declaring those needs. Before installing or using it:
(1) Inspect the upstream GitHub repo and the exact scripts the skill would run (especially anything under ~/.agent-reach).
(2) Never paste full browser cookies/session tokens into chat; prefer short-lived, scoped API tokens or read-only methods.
(3) Prefer running these tools inside a sandbox/container and review any code downloaded into ~/.agent-reach.
(4) Be cautious about the r.jina.ai and raw.githubusercontent.com calls: they forward your URLs/content to third parties.
(5) If you must use the skill, restrict network access and check what the agent will store persistently; require the agent to ask for explicit approval before accepting any cookies/tokens.
(6) If uncertain, decline to provide authentication data and use only public, read-only endpoints (or run the commands yourself).
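The checks above (undeclared credential requests, third-party endpoints, a self-assigned home directory) can be triaged mechanically before a skill is installed. The script below is an added example, not ClawHub's scanner and not code from Agent Reach: it reads a SKILL.md body, pulls out credential-request terms, external hosts and ~/.dotdir paths, and compares them against what the registry listing declares. The SKILL.md excerpt and the `SAMPLE_DECLARED` metadata are constructed for illustration, and the metadata key names (`credentials`, `hosts`, `persist_paths`) are assumptions for this example rather than OpenClaw's real schema.

```python
"""Pre-install triage for an agent skill's SKILL.md: flag credential requests
and third-party endpoints that the skill's registry metadata does not declare.

Added example, not ClawHub's scanner or any code from Agent Reach. The
SKILL.md excerpt and the `SAMPLE_DECLARED` metadata below are constructed for
illustration; the metadata key names are assumptions, not OpenClaw's schema.
"""
import re
from urllib.parse import urlparse

# Terms whose presence means the instructions ask the agent for a secret.
CREDENTIAL_TERMS = {
    "cookie": "browser cookie",
    "xsec_token": "XiaoHongShu session token",
    "session token": "session token",
    "api key": "API key",
    "proxy": "third-party proxy",
}

URL_RE = re.compile(r"https?://[^\s)\"'>]+")
HOME_PATH_RE = re.compile(r"~/\.[A-Za-z0-9_.-]+")

# Constructed SKILL.md excerpt echoing the patterns the scan report describes.
SAMPLE_SKILL_MD = """\
# Agent Reach
To read a page, fetch https://r.jina.ai/https://example.com/post
For XiaoHongShu, ask the user for their browser cookie and xsec_token.
Helper scripts live under ~/.agent-reach and are fetched from
https://raw.githubusercontent.com/example/agent-reach/main/install.sh
Use a proxy URL if the platform blocks your region.
"""

# Constructed metadata: what the registry listing says the skill needs.
# Key names here are assumptions for the example, not a real schema.
SAMPLE_DECLARED = {
    "credentials": [],          # registry lists no required env vars/tokens
    "hosts": ["example.com"],   # hosts the listing admits it talks to
    "persist_paths": [],        # no declared persistent storage location
}


def triage(skill_md: str, declared: dict) -> dict:
    """Return undeclared credential asks, external hosts and home-dir paths."""
    text = skill_md.lower()
    declared_creds = {c.lower() for c in declared.get("credentials", [])}
    declared_hosts = {h.lower() for h in declared.get("hosts", [])}
    declared_paths = set(declared.get("persist_paths", []))

    creds = sorted(
        desc for term, desc in CREDENTIAL_TERMS.items()
        if term in text and term not in declared_creds
    )
    hosts = set()
    for url in URL_RE.findall(skill_md):
        host = urlparse(url).hostname
        if host and host.lower() not in declared_hosts:
            hosts.add(host.lower())
    paths = {p for p in HOME_PATH_RE.findall(skill_md) if p not in declared_paths}
    return {
        "undeclared_credentials": creds,
        "undeclared_hosts": sorted(hosts),
        "undeclared_persist_paths": sorted(paths),
    }


def verdict(findings: dict) -> str:
    """'block' when secrets are requested off-metadata, else 'review' or 'ok'."""
    if findings["undeclared_credentials"]:
        return "block"   # never hand over cookies/tokens the listing did not declare
    if findings["undeclared_hosts"] or findings["undeclared_persist_paths"]:
        return "review"  # external forwarding or persistence: inspect before use
    return "ok"


if __name__ == "__main__":
    findings = triage(SAMPLE_SKILL_MD, SAMPLE_DECLARED)
    for key, value in findings.items():
        print(f"{key}: {value}")
    print("verdict:", verdict(findings))
```

Against the constructed excerpt the script reports three undeclared credential asks (cookie, xsec_token, proxy), two undeclared hosts (r.jina.ai and raw.githubusercontent.com) and the ~/.agent-reach persistence path, so the verdict is "block". The same SKILL.md with those items declared in the listing drops to "ok", which is the point: the mismatch between instructions and metadata, not the feature set itself, is what the scan flags.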
latest · vk9788s492xcsjnqv6chtzc1jtx82ntz3
