Reddapi
AdvisoryAudited by Static analysis on May 8, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the API key is exposed or mishandled, someone else could use the user's reddapi.dev account or quota.
The skill requires a Bearer API key for reddapi.dev. This is purpose-aligned for a third-party API integration, but users should handle the key as a sensitive credential.
**Authentication:** `Authorization: Bearer YOUR_API_KEY`
Use a dedicated reddapi.dev API key with the minimum needed access, store it securely, and avoid pasting it into shared chats or logs.
Research queries, product names, competitor names, or lead-generation prompts may be visible to the third-party API provider.
The skill sends user queries to an external third-party provider. That is expected for this skill, but the artifacts do not describe provider retention, logging, or privacy boundaries.
**Base URL:** `https://reddapi.dev`
Avoid sending confidential business information unless you trust reddapi.dev's privacy and data-retention practices.
If a user obtains and runs a similarly named script from elsewhere, its behavior would not be covered by this package review.
The supporting file references a CLI script, but the provided manifest contains only SKILL.md and SUPPORTING.md. There is no evidence of automatic execution, but the referenced helper code is not available for review here.
### reddapi-cli.sh Command-line interface for reddapi.dev API. ```bash ./scripts/reddapi-cli.sh search "productivity tools" --limit 100
Do not run any external reddapi CLI helper unless it comes from a trusted source and you have reviewed what it does.