ClawHub

Reddit User Acquisition

Security checks across malware telemetry and agentic risk

Overview

This Reddit outreach skill is not malicious, but it needs review because it can post replies and send DMs from a real Reddit account while storing outreach history and giving limited credential and privacy guidance.

Install only if you are comfortable giving the agent Reddit account credentials and reviewing every outbound message before it is sent. Use a dedicated Reddit account where possible, keep secrets in environment/secret storage rather than prompts or files, verify subreddit rules yourself, avoid unsolicited DMs in sensitive contexts, and periodically delete campaign logs and contacted-user history.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The README broadens the advertised behavior from Reddit-only outreach to Reddit and Slack outreach, creating a scope mismatch between the declared skill metadata and the documentation. This is dangerous because users, reviewers, or downstream agents may authorize or invoke functionality affecting an additional platform without the expected review, permissions, policy checks, or consent controls for Slack messaging.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The spec says the skill is not a bot that auto-posts or auto-DMs, while the skill metadata describes posting approved outreach via the Reddit API. This mismatch is security-relevant because operators may grant broader permissions or trust assumptions than the spec warrants, enabling unintended automation of outreach and policy-violating messaging at scale.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill is explicitly designed to use stored Reddit credentials to send replies and DMs on the user's behalf, but the top-level description does not clearly warn that it performs account-level outreach actions. This creates a consent and transparency risk: a user may invoke the skill expecting analysis or drafting, without appreciating that approved actions will be posted from their authenticated Reddit account.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The spec explicitly describes collecting Reddit and Slack content and forwarding post/message context to Telegram for approval, but it does not define any privacy notice, consent model, retention policy, minimization rules, or handling restrictions for third-party user content. This creates a real privacy and compliance risk because community messages may contain personal or sensitive information that is unnecessarily transmitted across services and exposed to reviewers.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The spec requests highly sensitive credentials including Reddit username/password, client secrets, Slack tokens, and Telegram bot tokens, but provides no secure storage, rotation, least-privilege, or transmission guidance. In a growth-automation skill that posts on external accounts, credential mishandling could lead to account compromise, unauthorized posting, data exposure, and abuse of linked services.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill prominently encourages DM-based outreach and provides templates and trigger conditions for contacting users who express pain points, but it does not foreground privacy, harassment, consent, or account-enforcement risks where the capability is introduced. Even with later ethical guardrails, the design normalizes unsolicited outreach and can facilitate spammy or intrusive contact against platform norms.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
This skill explicitly automates Reddit outreach by sending replies and DMs, tracking contacted users, and persisting outreach history, but it does not require clear user-facing consent, platform-policy warnings, or privacy disclosures before execution. In this context, the omission is dangerous because the skill is designed for scalable growth outreach, which increases the chance of spammy behavior, account sanctions, and improper storage/use of identifiable Reddit user data.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal