Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Reddit User Acquisition
v1.0.0 · AI-powered Reddit seeding agent for founders. Analyzes a product spec, maps relevant subreddits, finds real threads where target users need help, drafts pers...
⭐ 0 · 440 · 0 current · 0 all-time
by Conal (@0xconal)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
The skill claims to research, draft, and post via Reddit (and also monitor Slack and use a Telegram approval bot). Requesting Reddit OAuth credentials (client id/secret + account creds) and python3/playwright-cli is reasonable for Reddit posting and browser verification. However, the spec repeatedly references Slack and a Telegram approval bot but the required environment variables do not include any Slack or Telegram tokens, which is inconsistent: either those integrations are optional/unused (not stated) or the manifest omitted required credentials. Also many script filenames and data files are referenced (reddit_search.py, approval_bot.py, config JSONs) but no code files are present in the package — the skill is instruction-only despite expecting runnable scripts.
Instruction Scope
SKILL.md directs the agent to autonomously run Phases 1–3 (research, discovery, drafting) and to verify subreddit rules via browser/API, then present drafts for explicit human approval. This scope is coherent with the stated goal. The concern is that instructions assume access to a Telegram bot for approval, Slack monitoring/posting, local data files (contacted_users, banned_list), and posting scripts — none of which are provided or declared as required. The instructions also say to check public post history 'when possible' (Level 3 personalization) — appropriate for personalization but increases privacy surface and should be explicitly declared.
Install Mechanism
There is a single install spec installing an npm package '@playwright/mcp' to provide playwright-cli. Installing Playwright (or a CLI wrapper) is plausible for browser verification/automation. However, the package name looks non-standard (not the common 'playwright' package) and there is no source/homepage to validate it. NPM installs are moderate risk: they pull third-party code. Because the package name is unfamiliar and the skill bundle lacks source links, this raises a moderate suspicion that the install target should be audited before running.
Credentials
The declared required env vars are REDDIT_CLIENT_ID, REDDIT_CLIENT_SECRET, REDDIT_USERNAME, and REDDIT_PASSWORD — all appropriate for posting via Reddit API. But the skill's docs require a Telegram approval bot and Slack integration (approval_bot.py, Slack API posting), yet no TELEGRAM_TOKEN, TELEGRAM_CHAT_ID, SLACK_API_TOKEN (or similar) are declared. That mismatch suggests either the manifest is incomplete or the skill will attempt to access other services without declaring them. Also the manifest requests full Reddit account credentials (username/password) in addition to client id/secret — which is a high-privilege combination; the user should prefer using a dedicated app with minimal scopes and a separate account for outreach.
Persistence & Privilege
The manifest sets always:false (no forced installation) and disable-model-invocation:false (the agent may invoke the skill autonomously). The skill's runtime plan permits autonomous research and drafting (Phases 1–3) but requires human approval before sending messages, limiting destructive autonomy. This is reasonable but increases blast radius because the agent will autonomously scan and build queues of targets. No evidence the skill requests persistent modification of other skills or system-wide configs.
What to consider before installing
What to check before installing or running this skill:
1) Ask the author for source code and an installation README. The SKILL.md references Python scripts (reddit_search.py, reddit_post.py, approval_bot.py, etc.) and config/data files, but none of these executables are included — you should not run an installer or grant credentials until you can inspect the code that will run with them.
2) Clarify missing credentials: the spec requires a Telegram approval bot and Slack integration but does not declare TELEGRAM_* or SLACK_* env vars. Ask whether those integrations are optional, and if not, request the full list of required environment variables and verify how those tokens are used and stored.
3) Audit the npm package: the install spec installs '@playwright/mcp' to provide playwright-cli. Verify this package name and review its npm page and source repository before installing. Prefer official Playwright packages (or documented release artifacts) from trusted sources.
4) Least-privilege credentials: if you provide Reddit access, create a dedicated Reddit app with minimal scopes and use a separate account dedicated to outreach; do not use your personal account or credentials that grant broad access to other services. Avoid password reuse; rotate credentials and use short-lived tokens where possible.
5) Confirm human-approval flow: SKILL.md emphasizes 'never send any message without explicit human approval.' Get a clear description of how approvals are delivered (Telegram bot? e-mail?), where approval state is stored, and whether any automation could bypass that gate.
6) Ask about persistence and data storage: the skill plans to write contacted_users, banned_list, logs, and other data. Ask where those files are stored, whether they will be encrypted, and whether they can be inspected/cleared.
7) Legal/terms check: targeted outreach and DMs may run afoul of platform rules or privacy expectations. Ensure you understand Reddit's API and community rules, and that you accept the risks of account moderation or bans.
If the author cannot provide source code, a trustworthy npm package name, and a clear list of all required environment variables with justified usage, treat the skill as high risk and do not install or supply credentials.
Like a lobster shell, security has layers — review code before you run it.
Tags: latest → vk979w9dck66jbp3sr817wctsmn81qm9x; reddit → vk979w9dck66jbp3sr817wctsmn81qm9x
Runtime requirements
🎯 Clawdis
Bins: python3, playwright-cli
Env: REDDIT_CLIENT_ID, REDDIT_CLIENT_SECRET, REDDIT_USERNAME, REDDIT_PASSWORD
Primary env: REDDIT_CLIENT_ID
Install
Install Playwright CLI (npm)
Bins: playwright-cli
npm i -g @playwright/mcp