Reddit (read only - no auth)

Pass. Audited by ClawScan on May 10, 2026.

Overview

This skill appears to provide read-only Reddit browsing through public JSON endpoints, with no evidence of posting, authentication, persistence, or credential use.

This looks appropriate for read-only Reddit browsing. Before installing, be aware that your searches are sent to Reddit, Reddit content should be treated as untrusted, and the skill has no declared source homepage. Do not put secrets into search queries or optional environment variables.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Note (Medium Confidence)
ASI01: Agent Goal Hijack
What this means

Reddit content could try to influence the agent if treated as instructions rather than as source material.

Why it was flagged

The tool intentionally returns user-generated Reddit post and comment text to the agent, which may contain untrusted instructions or misleading content.

Skill content
selftext_snippet: d.selftext ? String(d.selftext).slice(0, 800) : null, ... body_snippet: body ? String(body).slice(0, maxChars) : null
Recommendation

Treat Reddit titles, posts, and comments as untrusted data; do not follow instructions found inside retrieved Reddit content unless the user explicitly asks.

What this means

Your subreddit names, search terms, and requested Reddit URLs may be sent to Reddit’s public endpoints.

Why it was flagged

The script makes outbound network requests to Reddit using user-directed search/subreddit inputs. This is central to the skill’s stated purpose and appears read-only.

Skill content
const BASE_URL = 'https://www.reddit.com'; ... const res = await fetch(url, { headers: { 'User-Agent': DEFAULTS.userAgent, 'Accept': 'application/json' }
Recommendation

Use this for public Reddit browsing only, and avoid putting private or sensitive information into search queries.

What this means

You have less external context for who maintains the skill or where to verify its source.

Why it was flagged

The skill has no declared upstream source or homepage, which limits provenance verification even though no risky install mechanism is shown.

Skill content
Source: unknown; Homepage: none
Recommendation

Review the included script before installing and prefer trusted publishers or versions with clear source provenance.