Reddit Search
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a benign Reddit-search connector, but it relies on an external Xpoz MCP service/account, installs a CLI package, and can export large public Reddit datasets.
Install if you are comfortable authorizing Xpoz, installing the `mcporter` CLI, and sending Reddit search queries through Xpoz MCP. Review the authorization and privacy terms, and use bulk exports responsibly.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill adds a CLI dependency that the user must trust.
The skill relies on installing an external npm CLI to call the MCP service; this is disclosed and central to the skill's operation.
node | package: mcporter | creates binaries: mcporter
Install from trusted package sources and review/update `mcporter` according to your normal security practices.
The skill can help gather and export large amounts of public social-media data, including data tied to usernames.
The documented tools can collect a user's public Reddit activity and export large result sets. This matches the search/research purpose, but it is a broad data-collection capability.
`getRedditPostsByAuthor` | Get a user's post history ... CSV Export ... full dataset (up to 64K rows)
Use bulk exports and user lookups only for legitimate, user-directed research and follow applicable privacy, platform, and legal requirements.
You will delegate access to Xpoz for this service even though no Reddit API key is required.
The skill does not need Reddit credentials, but it does require authorizing an Xpoz account through a related setup skill.
"credentials": "Xpoz account (free tier) — auth via xpoz-setup skill (OAuth 2.1)"
Review the Xpoz authorization screen, understand what account access is granted, and revoke it if you stop using the skill.
Your search queries and retrieved result workflow may be visible to or processed by Xpoz's service.
Queries are sent through a third-party MCP endpoint. This is disclosed and purpose-aligned, but the artifact does not describe retention or handling of user search terms.
works through Xpoz MCP with natural language queries ... "network": ["mcp.xpoz.ai"]
Avoid including confidential information in search queries unless you are comfortable with Xpoz processing it, and review Xpoz's privacy terms.