Ai Connect
WarnAudited by ClawScan on May 16, 2026.
Overview
This internet lookup skill is mostly purpose-aligned, but it asks users to give the agent browser login cookies for social accounts without explaining storage, scope, or safeguards.
Review this skill carefully before use. Its public web-reading commands are broadly aligned with its purpose, but do not provide browser cookies for important accounts unless you understand exactly where they will be stored, who can access them, and how to remove or revoke them later.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Handing over cookies may let the agent or related tooling act as your logged-in account on supported platforms.
The skill asks users to export browser session cookies and give them to the agent for account-backed platform access, but it does not bound how those credentials are stored, used, or revoked.
部分平台需要登录 Cookie... 用 Cookie-Editor 插件导出 Cookie... 告诉 Agent「帮我配 Twitter,小红书等」
Only use disposable or low-privilege accounts if possible, avoid sharing cookies for sensitive accounts, and require clear documentation on storage, access scope, and cleanup before configuring cookies.
Public URLs and queries may be fetched through external tools or services, and unsafe handling of unusual URLs could cause unintended command behavior.
The skill directs the agent to run command-line/network tools with user-provided URLs and search terms; this is central to the skill's purpose, but users should understand that URLs may be sent to external services and commands should be safely parameterized.
→ curl https://r.jina.ai/URL ... → yt-dlp --dump-json URL ... → gh repo view owner/repo
Use the skill only with links and queries you intend to share with the retrieval service, and avoid passing private URLs with secrets or tokens in them.
The safety of actual execution depends on whatever local tools named by these commands are installed on the user's machine.
The instructions depend on several external or custom helper commands, but the supplied package contains no code or install spec to verify their provenance or exact behavior.
→ twitter tweet URL ... → rdt view URL ... → xhs get URL ... → weibo trending ... → agent-reach doctor
Verify the source and permissions of any required helper tools before using the skill, especially tools that receive cookies or authenticated sessions.