Reddit User Acquisition
ReviewAudited by ClawScan on May 10, 2026.
Overview
This Reddit outreach skill is transparent about using your account for approved replies and DMs, but its anti-spam and execution safeguards appear to be prompt-level claims rather than reviewed, enforceable code.
Install only if you are comfortable giving the skill Reddit account credentials and reviewing outreach before it is sent. Treat the approval gates and rate limits as documented instructions rather than audited enforcement, verify every subreddit’s rules yourself, approve messages individually, and delete stored campaign logs/contact lists when done.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may need to improvise, generate, or use broad tools to post or DM from your Reddit account, so the real safeguards may not match the documentation.
The execution logic references a high-impact Reddit posting helper, but the provided package contains no code files or scripts. That leaves the actual posting behavior, rate limiting, and credential handling unreviewable.
EXECUTE: reddit_post.py --action [reply|dm] --thread [id] --text [text]
Do not allow automated execution until the posting and rate-limit implementation is provided and reviewed, or keep posting fully manual.
If the prompt-level limits are missed or ignored, your account could send too many or inappropriate outreach messages, risking Reddit rule violations or reputational harm.
The artifact set is instruction-only, so these protections are not demonstrated as hard-coded or technically non-overridable. This can cause users to over-trust the anti-spam safety posture.
Not a spam tool — hard-coded rate limits and anti-abuse protections ... Rate limits cannot be overridden
Treat the limits as policy guidance, not enforced controls. Approve messages one by one and use an external/manual rate-limit process.
Approved drafts can become public Reddit comments or private DMs sent from your account.
Posting Reddit replies and DMs is high-impact account mutation. The behavior is disclosed and gated on approval, but users should still review it carefully.
Phase 5: EXECUTE — Post approved messages via Reddit API
Review every draft, verify subreddit rules, and avoid bulk approvals unless you are comfortable with the exact messages and targets.
Anyone or anything misusing these credentials could act as your Reddit account.
The skill requires Reddit app credentials and account login details. This is expected for Reddit posting, but it grants sensitive authority over the account.
REDDIT_CLIENT_ID, REDDIT_CLIENT_SECRET, REDDIT_USERNAME, REDDIT_PASSWORD
Use only the required Reddit credentials, store them securely, avoid granting unrelated account access, and rotate/remove them after use.
Local files may keep records of who you contacted, what you sent, and how campaigns performed.
The skill persists outreach state, drafts, contacted users, and logs for reuse across phases and resumes. This is purpose-aligned but can retain personal or campaign-sensitive data.
data/drafts/*.json ... data/approved/*.json ... data/sent/*.json ... data/contacted_users.json ... logs/actions.log
Keep these files private, review what is stored, and delete campaign data when it is no longer needed.
The agent may keep monitoring Reddit responses and campaign state for several days after messages are sent.
The skill describes ongoing monitoring and resume behavior. It is disclosed and bounded, but it may continue checking engagement after the initial approval/execution phase.
Schedule: 30min (first 24h), 2h (24-72h), daily (72h+), stop at 7d ... On resume: load state, check queued-but-unsent, run missed monitors
Confirm when monitoring starts and stops, and disable or clean up the skill when the campaign is finished.