Reddit (read only - no auth)

Advisory

Audited by Static analysis on May 10, 2026.

Overview

Detected: suspicious.env_credential_access

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Note (Medium Confidence)
ASI01: Agent Goal Hijack
What this means

Reddit content could try to influence the agent if treated as instructions rather than as source material.

Why it was flagged

The tool intentionally returns user-generated Reddit post and comment text to the agent, which may contain untrusted instructions or misleading content.

Skill content

selftext_snippet: d.selftext ? String(d.selftext).slice(0, 800) : null, ... body_snippet: body ? String(body).slice(0, maxChars) : null

Recommendation

Treat Reddit titles, posts, and comments as untrusted data; do not follow instructions found inside retrieved Reddit content unless the user explicitly asks.

What this means

Your subreddit names, search terms, and requested Reddit URLs may be sent to Reddit’s public endpoints.

Why it was flagged

The script makes outbound network requests to Reddit using user-directed search/subreddit inputs. This is central to the skill’s stated purpose and appears read-only.

Skill content

const BASE_URL = 'https://www.reddit.com'; ... const res = await fetch(url, { headers: { 'User-Agent': DEFAULTS.userAgent, 'Accept': 'application/json' }

Recommendation

Use this for public Reddit browsing only, and avoid putting private or sensitive information into search queries.

What this means

You have less external context for who maintains the skill or where to verify its source.

Why it was flagged

The skill has no declared upstream source or homepage, which limits provenance verification even though no risky install mechanism is shown.

Skill content

Source: unknown; Homepage: none

Recommendation

Review the included script before installing and prefer trusted publishers or versions with clear source provenance.

Findings (1)

critical

suspicious.env_credential_access

Location

scripts/reddit-readonly.mjs:16

Finding

Environment variable access combined with network send.