Search Reddit

Pass

Audited by ClawScan on May 1, 2026.

Overview

The skill appears purpose-aligned for Reddit search, but it reads an OpenAI API key, makes external calls to OpenAI and Reddit, and ships with limited provenance metadata, all of which users should note.

This looks reasonable to install if you want a Reddit search helper and are comfortable using an OpenAI API key. Before installing, verify the registry entry/source, use a dedicated API key if possible, monitor OpenAI usage costs, and treat Reddit excerpts as untrusted public web content.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Search terms may be processed by OpenAI, and Reddit data is fetched over the network; this may have privacy, usage, or cost implications.

Why it was flagged

The skill sends searches to OpenAI and fetches Reddit JSON. This is disclosed and purpose-aligned, but it means user queries and search activity involve external services.

Skill content

Uses OpenAI Responses API (`/v1/responses`) with the `web_search` tool:
- Allowed domain: `reddit.com`
- Enriches each thread by fetching Reddit JSON

Recommendation

Use it for queries you are comfortable sending to OpenAI/Reddit, and review returned links or excerpts as public web content rather than trusted instructions.

What this means

The skill can spend against the configured OpenAI account when used and depends on keeping that API key private.

Why it was flagged

The script reads an OpenAI API key from the environment or Clawdbot config. This is expected for the stated OpenAI integration, and the visible code does not show logging or unrelated credential use.

Skill content

```js
if (process.env.OPENAI_API_KEY) { return process.env.OPENAI_API_KEY; }
...
config?.skills?.entries?.['search-reddit']?.apiKey || config?.skills?.entries?.openai?.apiKey
```

Recommendation

Prefer a dedicated or restricted OpenAI key if available, monitor usage, and avoid sharing the key in chat or logs.

What this means

It may be harder to independently verify the publisher or reproduce the exact source before installation.

Why it was flagged

The registry metadata does not provide a source or homepage and under-declares the Node runtime used by the documented commands. There is no evidence of a risky installer or dependency chain, so this is a provenance/setup note rather than a concern.

Skill content

- Source: unknown
- Homepage: none
- Required binaries (all must exist): none
- Install specifications: No install spec

Recommendation

Install from a trusted registry entry, review the included files before use, and confirm the expected Node runtime is available.