Downloads: 824
Stars: 6
Active Installs: 9
Versions: 1
Install in OpenClaw
/install web-scout
Description
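Give your AI Agent web-wide data collection capability with one click. Built on Agent Reach, it supports Twitter/X, Reddit, YouTube, Bilibili, Xiaohongshu, Douyin, GitHub, LinkedIn, Boss Zhipin, RSS, web-wide search and other platforms. One-command install, zero API fees.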
Usage Guidance
This skill is suspicious because its runtime steps require many tools and sensitive credentials that are not declared in the metadata. Before installing:
1) Inspect the GitHub repo (prefer a pinned release/tag, not main.zip) and review the code you will pip-install.
2) Run any install inside an isolated environment (VM or container) and use a Python venv; avoid installing directly on a production host.
3) Use --dry-run or --safe modes first to see what would be installed.
4) Never paste your primary account cookies/API keys into an agent; use throwaway/test accounts if you must provide cookies, and verify where and how they are stored (~/.agent-reach/config.yaml).
5) Verify any Docker images (e.g., xpzouying/xiaohongshu-mcp) on Docker Hub and prefer self-hosted audited alternatives.
6) Require the publisher to update the skill metadata to list required binaries and secrets; if they cannot justify the missing declarations, avoid installing.
Capability Analysis
Type: OpenClaw Skill
Name: web-scout
Version: 1.0.0
This skill bundle is classified as suspicious due to its explicit requirement for the `exec` tool, which enables arbitrary shell command execution, creating a significant attack surface for prompt injection. Key indicators include instructions to run `docker run` with an external image (`xpzouying/xiaohongshu-mcp`) and examples of `python3 -c` execution, both found in `SKILL.md`. While these capabilities are presented for the stated purpose of web scouting, they introduce high-risk vulnerabilities and supply chain risks, allowing for potential arbitrary code execution and host compromise if the agent is prompted maliciously or if external dependencies are compromised. There is no clear evidence of intentional malicious behavior by the skill itself, but rather a collection of powerful, risky capabilities.
Capability Assessment
Purpose & Capability
The described purpose (web data collection) legitimately requires platform credentials, CLI tools, and possibly Docker/MCP services. However, the registry metadata lists no required binaries, no environment variables, and no config paths even though the instructions clearly depend on many external tools (pip, gh CLI, yt-dlp, docker, mcporter/mcporter-related services, Docker images) and credentials (browser cookies, login sessions). This mismatch is incoherent — either the metadata is incomplete or the skill is hiding required capabilities.
Instruction Scope
SKILL.md directs the user/agent to: pip install a GitHub main.zip (arbitrary code), run agent-reach install which auto-installs many dependencies, launch Docker containers, configure proxies, and import/export browser cookies (with the explicit instruction to '发给 Agent' — send cookie header string to the agent). It also instructs storing cookies in ~/.agent-reach/config.yaml. These instructions go beyond a simple helper: they require installation of third-party software, user secrets, and starting services on the host.
Install Mechanism
Install is done via pip install of a GitHub archive (https://github.com/.../archive/main.zip). Installing from an unpinned main branch zip can execute arbitrary and changing code and is higher risk than using a pinned release or vetted package. There is no install.spec in the registry (instruction-only), so installing this skill requires running network downloads and package installs outside the registry's control.
Credentials
Although the skill metadata declares no required credentials, the runtime instructions require sensitive secrets: exported browser cookie strings for Twitter/X and Xiaohongshu, logins for GitHub/LinkedIn, proxy credentials, and potentially Docker image network access. The skill claims cookies are stored locally with file perms 600, but asking users to export and send cookie header strings to an agent expands the attack surface and is not justified by the metadata.
Persistence & Privilege
The skill does not request 'always: true' and does not claim elevated platform privileges. It suggests using agent-reach watch for health checks and has commands to run and uninstall. Autonomous invocation remains possible (platform default) but is not uniquely elevated by this skill. Still, an installed agent-reach tool that can run periodic tasks and hold cookies increases long-term exposure if installed without isolation.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: `/install web-scout`
- After installation, invoke the skill by name or use `/web-scout`
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
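- Initial release: a wrapper around Agent Reach that lets AI Agents integrate web-wide data collection capability with one click
- Supports mainstream platforms including Twitter/X, Reddit, YouTube, Bilibili, Xiaohongshu, Douyin, GitHub, LinkedIn, Boss Zhipin, RSS and web-wide search
- Provides a simple install and configuration flow, with automatic dependency installation, platform cookie configuration and proxy settings
- Extensive command cheat sheet covering multi-platform collection, search and content extraction operations
- Emphasizes security: cookies stored locally, optional safe/preview modes, fully open source and auditable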
Frequently Asked Questions
What is Web Scout?
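Give your AI Agent web-wide data collection capability with one click. Built on Agent Reach, it supports Twitter/X, Reddit, YouTube, Bilibili, Xiaohongshu, Douyin, GitHub, LinkedIn, Boss Zhipin, RSS, web-wide search and other platforms. One-command install, zero API fees. It is an AI Agent Skill for Claude Code / OpenClaw, with 824 downloads so far.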
How do I install Web Scout?
Run "/install web-scout" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Web Scout free?
Yes, Web Scout is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Web Scout support?
Web Scout is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Web Scout?
It is built and maintained by 子豪 (@aizain); the current version is v1.0.0.