Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Agent Reach
v0.1.0
Use the internet: search, read, and interact with 13+ platforms including Twitter/X, Reddit, YouTube, GitHub, Bilibili, XiaoHongShu (小红书), Douyin (抖音), WeCha...
⭐ 0· 355·1 current·1 all-time
by @raiway
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims broad web/platform access (13+ services) and the instructions show how to do that, but the package declares no required binaries, env vars, or install steps, despite relying on many external tools (mcporter, xreach, yt-dlp, gh, python libraries, npm undici, Camoufox, Cookie-Editor). This mismatch (no declared dependencies while instructing use of many CLIs/libraries) is incoherent.
Instruction Scope
SKILL.md instructs the agent to run many shell commands, to fetch content via third-party proxies (r.jina.ai), to read or import cookies, to run local Python tools (wechat reader), and to post content using local file paths. It also requires storing persistent data under ~/.agent-reach and using browser cookie exports or --cookies-from-browser, which implies access to sensitive local data. These actions go beyond a simple 'search/read' helper and are not constrained or audited by the skill metadata.
Install Mechanism
There is no install spec, yet the guide references installing/using multiple third-party tools and an external install guide hosted on raw.githubusercontent.com. Because the skill relies on external binaries and packages but provides no packaged or vetted install instructions, it leaves room for ad-hoc downloads and manual installs from unverified sources.
Credentials
The skill declares no required credentials, but its runtime instructions expect sensitive inputs: cookies, xsec_token, and potentially browser cookie access and proxy configuration. It also instructs persisting those artifacts in ~/.agent-reach. Requesting and storing such credentials is proportionate to posting/reading on logged-in sites, but the absence of any declared env/credential requirements or clear handling policies is a red flag.
Persistence & Privilege
always is false (good), but the guide explicitly directs storing persistent data in ~/.agent-reach (cookies, tools). Persisting login cookies/tokens combined with autonomous invocation increases risk if the agent performs actions without tight user approval. The skill does not request system-wide privileges or change other skills' configs.
What to consider before installing
This skill is plausible for multi-platform web access, but it omits key safety details. Before using/installing: (1) ask the publisher for the source repo and a full list of required binaries/versions and exact install steps; (2) do not paste full browser cookie files — prefer short-lived session tokens or OAuth where possible; (3) verify what will be stored in ~/.agent-reach and where cookies/tokens are kept and encrypted; (4) inspect the external install guide (the raw.githubusercontent.com link) before running any commands; (5) run the tooling in a sandbox or throwaway account if you must provide credentials; (6) be aware that some commands forward URLs to third-party fetchers (r.jina.ai, Camoufox), which sends your requested URLs/content to external services; (7) if you do not trust the author or cannot obtain a clear, auditable install manifest, treat this skill as unsafe to enable with real credentials.
Like a lobster shell, security has layers — review code before you run it.
latestvk978sf8q2p3sbdav8s7jhyvpw182c3cp
