Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Fox Agent Reach
v1.0.0
Give your AI agent eyes to see the entire internet. 7500+ GitHub stars. Search and read 14 platforms: Twitter/X, Reddit, YouTube, GitHub, Bilibili, XiaoHongS...
⭐ 0 · 46 · 2 current · 2 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The description says the skill can search/read many platforms, and the SKILL.md shows how to do that, but the registry metadata declares no required binaries, no env vars, and no install steps. In reality the instructions reference many external tools (yt-dlp, gh, mcporter, xreach, Python modules like miku_ai and feedparser, the undici npm package, and a local wechat tool). It's incoherent to claim 'no required binaries' while instructing the agent to call many CLIs and to persist data in ~/.agent-reach.
Instruction Scope
The runtime instructions tell the agent to run many networked commands, read arbitrary URLs, use local persistent storage (~/.agent-reach), and instruct the user to supply cookies for some channels. They also direct fetching/using a local tool for WeChat articles and link to external install docs. Asking for cookies and telling the agent to use ~/.agent-reach expands scope beyond simple read-only web search and raises sensitive-data handling concerns.
Install Mechanism
There is no install spec in the skill bundle (instruction-only). The SKILL.md points to an upstream GitHub install guide (raw.githubusercontent.com), which is a common pattern, but the skill does not declare the many dependencies it expects or provide a built-in, auditable install step — reducing transparency about what will be written/executed on disk.
Credentials
The guide explicitly expects the user to provide cookies for certain channels ('User only provides cookies'), yet the skill declares no required credentials or primaryEnv. Requesting cookies (session tokens) for multiple platforms is high-sensitivity and should be declared and constrained; as presented it is disproportionate and under-specified.
Persistence & Privilege
The instructions tell the agent to store persistent data under ~/.agent-reach and to run code from ~/.agent-reach/tools/..., which gives the skill write/execute capability in the user's home directory. The skill is not always-enabled, but persisting data and running local helper scripts increases its privilege and blast radius and should be clearly documented and consented to.
What to consider before installing
This skill appears to implement a broad web-reading tool, but its package metadata is incomplete and it asks you to provide sensitive cookies and to allow persistent files under ~/.agent-reach. Before installing or using it, ask the publisher for: (1) a complete list of required binaries and Python/npm packages, (2) exact details of what cookies/tokens are needed and how they will be stored/secured, (3) the full install steps and what the install writes to disk, and (4) a clear privacy/security policy for saved data. If you must try it, run it in an isolated environment (container or VM), do not supply real account cookies (use throwaway/test accounts), inspect the upstream install script on GitHub before running, and prefer OAuth/API tokens with limited scopes instead of raw session cookies.
Like a lobster shell, security has layers — review code before you run it.
latest vk970xk3e393xwmb3anj3j3g8q583rw6p
