Back to skill

Security audit

Reddapi

Security checks across malware telemetry and agentic risk

Overview

This appears to be a straightforward Reddit-data API helper, with the main caveat that searches are sent to a third-party service.

Install only if you are comfortable sending Reddit research queries, keywords, and related parameters to reddapi.dev. Avoid using confidential plans, private lead lists, secrets, or personal data in searches unless you have reviewed and accept the provider's privacy and retention practices.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill explicitly routes user queries to reddapi.dev, a third-party service, but does not clearly warn users that their prompts, search terms, and potentially sensitive research topics will be transmitted externally. This creates a privacy and data-handling risk because users may unknowingly send confidential business plans, competitor research, lead lists, or other sensitive inputs to a non-official external provider.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.