Give your AI agent eyes to see the entire internet. Install and configure upstream tools for Twitter/X, Reddit, YouTube, GitHub, Bilibili, XiaoHongShu, Douyi...
Security Analysis
medium confidence
The instructions broadly match a tool that gives an agent access to many platforms, but the skill asks the agent to install and run third‑party code, collect sensitive cookies and tokens, and access browser/local data while the registry metadata declares no install, credentials, or config paths — these mismatches and the unpinned install instruction are risky and deserve review before use.
The name/description (install/configure upstream platform tools) matches the SKILL.md actions: installing an 'agent-reach' installer, tooling like xreach, mcporter, yt-dlp, and guiding cookie/proxy configuration. However, the skill's metadata declares no required env vars or config paths even though the instructions will store tokens/config under ~/.agent-reach and read browser cookies — a proportionality mismatch.
SKILL.md instructs the agent to collect and accept raw authentication cookies (paste 'Header String') and to optionally auto-extract cookies from a local browser ('--from-browser chrome'), which implies reading local browser storage. It also directs installing and running upstream CLIs and writing persistent config under ~/.agent-reach. These are sensitive operations (cookie/token collection, local file access) not declared in the skill metadata and grant broad access to user accounts.
There is no install spec in the registry, but the runtime instructions tell users to run pip install against a GitHub archive URL (main.zip). Installing from an unpinned branch/archive pulls arbitrary code that may change; the installer then pulls/sets up many third-party tools. This is higher risk than using a pinned release or reviewing the package beforehand.
The registry lists no required credentials, yet the instructions require sensitive data (session cookies, proxy credentials, 'API Key' for third-party services) and store them under ~/.agent-reach. Asking users to paste cookie header strings or enabling browser cookie extraction is a direct request for secrets that is not reflected in metadata and increases the chance of accidental credential exposure.
The skill will create files and persistent configs under ~/.agent-reach and /tmp per the instructions. always:false (default) is appropriate, but persistent storage of credentials combined with autonomous agent invocation (default allowed) raises risk: stored secrets could be reused or accessed later. The skill does not declare these config paths in metadata.
Guidance
This skill appears to do what it claims (set up many platform access tools), but it asks for high-risk actions that you should not do lightly. Before installing or running it:

(1) do not paste real primary-account cookies — use a dedicated throwaway account if you must test;
(2) avoid the '--from-browser' auto-extract option unless you run the installer locally and trust the codebase;
(3) prefer OAuth/API tokens scoped minimally rather than raw session cookies;
(4) do not pip install unpinned archives from main branches without reviewing the repository; ask the author for a pinned release or a reproducible install spec and review the code in https://github.com/Panniantong/agent-reach if possible;
(5) expect the tool to write persistent credentials under ~/.agent-reach — inspect and securely delete/revoke them if needed;
(6) consider running this in an isolated VM/container and revoke any cookies/tokens after use.

The registry metadata not declaring required credentials or config paths is a red flag — request clarification from the publisher before proceeding.
Latest Release
v0.1.0
agent-reach 0.1.0 — First public release
- Initial release of agent-reach with setup and configuration instructions for 13+ major platforms (Twitter/X, Reddit, YouTube, GitHub, Bilibili, XiaoHongShu, Douyin, LinkedIn, Boss直聘, WeChat, RSS, and general web/URL support).
- Provides step-by-step guidelines for installation, channel configuration (including cookie and proxy setup), and best practices to avoid workspace pollution.
- Includes usage examples for each upstream tool, covering both setup and real-world read/search/publish commands.
- Warns users of potential risks (e.g., cookie account security, IP blocking) and offers proxy and cookie management recommendations.
- Emphasizes using `agent-reach doctor` for channel status and troubleshooting rather than memorizing platform-specific steps.
Published by @Ma-star on ClawHub