Oathe Security Badge

Is reiy-leo/agent-reach-bak safe?

https://clawhub.ai/reiy-leo/agent-reach-bak

91
SAFE

Agent Reach is a legitimate web scraping skill that provides access to 14 major platforms for data collection. While the skill itself contains no malicious code and passed all integrity checks, it does expand the agent's attack surface by providing extensive external service access capabilities that could theoretically be misused.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 75/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 80/100 · 5%

Findings (4)

MEDIUM External service access capabilities -25

The skill provides extensive instructions for accessing external web services (Twitter, Reddit, YouTube, etc.) which could potentially be misused for data exfiltration if combined with malicious prompts instructing the agent to post sensitive data.

LOW External URL references -5

The skill references external GitHub URLs for installation guides, which could theoretically be modified to contain malicious instructions, though this requires compromising the referenced repository.

INFO Expanded attack surface -20

While the skill appears legitimate for web scraping purposes, it significantly expands an agent's potential attack surface by providing access to multiple external web services and platforms.

INFO Installation network activity -5

Normal network connections during installation to clawhub.ai and CDN infrastructure for downloading the skill package.