← 返回 Skills 市场
1885
总下载
8
收藏
11
当前安装
1
版本数
在 OpenClaw 中安装
/install skill-9
功能描述
Give your AI agent eyes to see the entire internet. Install and configure upstream tools for Twitter/X, Reddit, YouTube, GitHub, Bilibili, XiaoHongShu, Douyi...
安全使用建议
This skill appears to do what it claims (set up many platform access tools), but it asks for high-risk actions that you should not do lightly. Before installing or running it: (1) do not paste real primary-account cookies — use a dedicated throwaway account if you must test; (2) avoid the '--from-browser' auto-extract option unless you run the installer locally and trust the codebase; (3) prefer OAuth/API tokens scoped minimally rather than raw session cookies; (4) do not pip install unpinned archives from main branches without reviewing the repository; ask the author for a pinned release or a reproducible install spec and review the code in https://github.com/Panniantong/agent-reach if possible; (5) expect the tool to write persistent credentials under ~/.agent-reach — inspect and securely delete/revoke them if needed; (6) consider running this in an isolated VM/container and revoke any cookies/tokens after use. The registry metadata not declaring required credentials or config paths is a red flag — request clarification from the publisher before proceeding.
功能分析
Type: OpenClaw Skill
Name: skill-9
Version: 0.1.0
The skill bundle installs a management toolset from a remote GitHub repository (Panniantong/agent-reach) to enable agent access to various social media platforms. It includes high-risk capabilities such as automated extraction of session cookies from local browsers (`--from-browser chrome`) and instructions for the agent to handle sensitive authentication tokens for platforms like Twitter and LinkedIn. While these features are functionally relevant to the stated goal of platform integration, the combination of remote code execution during setup and the handling of sensitive browser data presents a significant security risk.
能力评估
Purpose & Capability
The name/description (install/configure upstream platform tools) matches the SKILL.md actions: installing an 'agent-reach' installer, tooling like xreach, mcporter, yt-dlp, and guiding cookie/proxy configuration. However, the skill's metadata declares no required env vars or config paths even though the instructions will store tokens/config under ~/.agent-reach and read browser cookies — a proportionality mismatch.
Instruction Scope
SKILL.md instructs the agent to collect and accept raw authentication cookies (paste 'Header String') and to optionally auto-extract cookies from a local browser ('--from-browser chrome'), which implies reading local browser storage. It also directs installing and running upstream CLIs and writing persistent config under ~/.agent-reach. These are sensitive operations (cookie/token collection, local file access) not declared in the skill metadata and grant broad access to user accounts.
Install Mechanism
There is no install spec in the registry, but the runtime instructions tell users to run pip install against a GitHub archive URL (main.zip). Installing from an unpinned branch/archive pulls arbitrary code that may change; the installer then pulls/sets up many third-party tools. This is higher risk than using a pinned release or reviewing the package beforehand.
Credentials
The registry lists no required credentials, yet the instructions require sensitive data (session cookies, proxy credentials, 'API Key' for third-party services) and store them under ~/.agent-reach. Asking users to paste cookie header strings or enabling browser cookie extraction is a direct request for secrets that is not reflected in metadata and increases the chance of accidental credential exposure.
Persistence & Privilege
The skill will create files and persistent configs under ~/.agent-reach and /tmp per the instructions. always:false (default) is appropriate, but persistent storage of credentials combined with autonomous agent invocation (default allowed) raises risk: stored secrets could be reused or accessed later. The skill does not declare these config paths in metadata.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install skill-9 - 安装完成后,直接呼叫该 Skill 的名称或使用
/skill-9触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
agent-reach 0.1.0 — First public release
- Initial release of agent-reach with setup and configuration instructions for 13+ major platforms (Twitter/X, Reddit, YouTube, GitHub, Bilibili, XiaoHongShu, Douyin, LinkedIn, Boss直聘, WeChat, RSS, and general web/URL support).
- Provides step-by-step guidelines for installation, channel configuration (including cookie and proxy setup), and best practices to avoid workspace pollution.
- Includes usage examples for each upstream tool, covering both setup and real-world read/search/publish commands.
- Warns users of potential risks (e.g., cookie account security, IP blocking) and offers proxy and cookie management recommendations.
- Emphasizes using `agent-reach doctor` for channel status and troubleshooting rather than memorizing platform-specific steps.
元数据
常见问题
Agent Reach 是什么?
Give your AI agent eyes to see the entire internet. Install and configure upstream tools for Twitter/X, Reddit, YouTube, GitHub, Bilibili, XiaoHongShu, Douyi... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1885 次。
如何安装 Agent Reach?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install skill-9」即可一键安装,无需额外配置。
Agent Reach 是免费的吗?
是的,Agent Reach 完全免费(开源免费),可自由下载、安装和使用。
Agent Reach 支持哪些平台?
Agent Reach 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Agent Reach?
由 Ma-star(@ma-star)开发并维护,当前版本 v0.1.0。
推荐 Skills