Agent Reach.Bak
Warn
Audited by ClawScan on May 10, 2026.
Overview
This skill mostly matches a web-search/read purpose, but it asks the agent to use browser cookies, run unreviewed setup/helper code, bypass anti-bot protections, and potentially post to accounts without clear safety boundaries.
Install only if you are comfortable giving the agent logged-in platform access and running remote or unreviewed tools. Prefer isolated accounts, never share your everyday browser session cookies, review the remote install guide and helper code first, require explicit confirmation before any post/comment/action, and periodically inspect or remove ~/.agent-reach data.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could gain logged-in access to user platform accounts, and mishandling cookies could expose or misuse account sessions.
Browser cookies and imported login cookies are account/session credentials. The artifacts do not clearly declare, scope, store, or limit this credential access.
Use `--cookies-from-browser chrome` or configure proxy. ... Requires login. Use Cookie-Editor to import cookies.
Use only isolated or throwaway accounts/cookies, avoid sharing normal browser sessions, and require the skill to declare and narrowly scope any credential use.
A mistaken or over-broad agent action could publish content or interact publicly from the user's account.
The skill includes public account-mutation capabilities, but it does not specify confirmation, preview, scope limits, or rollback expectations before posting.
user asks to post, comment, or interact on supported platforms ... `xiaohongshu.publish_content(title: "标题", content: "正文", images: ["/path/img.jpg"], tags: ["tag"])`
Require explicit user confirmation for every post/comment/interaction, show the exact final content and target account, and avoid autonomous publishing.
The agent may install or run code that was not reviewed in this package, potentially while using sensitive account cookies.
The reviewed package has no install spec or code, but it delegates setup to a mutable remote URL and tells the agent to perform the rest while handling cookies.
If a channel needs setup (cookies, Docker, etc.), fetch the install guide: https://raw.githubusercontent.com/Panniantong/agent-reach/main/docs/install.md User only provides cookies. Everything else is your job.
Pin and vendor setup instructions or scripts in the package, review the remote guide before use, and do not combine unreviewed setup with real account cookies.
Running unreviewed helper code can affect the local environment, and anti-bot bypass automation may create account, legal, or service-policy risk.
The skill instructs running a Python helper from a persistent tools directory and explicitly frames it as anti-bot bypass behavior; the helper code is not included for review.
Read (Camoufox — bypasses WeChat anti-bot): `cd ~/.agent-reach/tools/wechat-article-for-ai && python3 main.py "https://mp.weixin.qq.com/s/ARTICLE_ID"`
Do not run this helper unless its source is reviewed and trusted; avoid anti-bot bypass workflows unless the user explicitly accepts the risk.
Search terms, URLs, or profile lookup targets may be sent to third-party services.
The skill routes searches and profile lookups through external mcporter/provider tools. This is aligned with the web-research purpose, but users should expect queries and URLs to leave the local agent context.
`mcporter call 'exa.web_search_exa(query: "query", numResults: 5)'` ... `mcporter call 'linkedin.search_people(keyword: "AI engineer", limit: 10)'`
Avoid sending sensitive queries or private URLs through these tools unless the provider and its data handling are acceptable.
Files, caches, or configuration may remain in the user's home directory after the task is done.
The skill discloses persistence outside the workspace. That can be legitimate for configuration, but retention and cleanup are not described.
Never create files in the agent workspace. Use `/tmp/` for temporary output and `~/.agent-reach/` for persistent data.
Document what is stored in ~/.agent-reach, provide a cleanup command, and avoid storing sensitive session material unless necessary and protected.
