Reddit Assistant

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill mostly fits a Reddit drafting assistant, but it tells the agent to immediately run local shell/Python scripts that are not included in the reviewed package.

Install only if you are comfortable inspecting or supplying the missing helper scripts yourself. Run it from a controlled directory, do not approve automatic startup commands blindly, and review any local memory/config files before storing sensitive product or performance information.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI05: Unexpected Code Execution
Medium
What this means

The agent may try to run local scripts before helping you, even though those scripts were not part of the reviewed skill.

Why it was flagged

The skill instructs the agent to execute shell/Python code automatically at startup. The reviewed package contains no such code files, so execution would be unreviewed and could resolve to unexpected local files.

Skill content

STARTUP: Session Initialization (ALWAYS RUN FIRST) ... Before doing anything else, run: `bash scripts/check_env.sh` ... `python3 reddit-assistant.py status`

Recommendation

Do not allow automatic startup execution unless you have inspected and intentionally installed the referenced scripts in a controlled directory.

ASI04: Agentic Supply Chain Vulnerabilities
Medium
What this means

The skill may be incomplete or may depend on external/local files that were not reviewed for safety.

Why it was flagged

The skill references multiple helper scripts that are not included in the provided file manifest, leaving their behavior, dependencies, and provenance unreviewed.

Skill content

No code files present — this is an instruction-only skill. ... `python3 scripts/save_draft.py` ... `python3 scripts/fetch_subreddit_info.py --subreddit "{name}"`

Recommendation

Require the publisher to include the referenced scripts and install instructions, or treat the commands as untrusted until independently reviewed.

ASI06: Memory and Context Poisoning
Low
What this means

Product details, subreddit notes, drafts, and performance context may be kept and reused in later Reddit strategy work.

Why it was flagged

The skill uses persistent local memory/config and subreddit profile files to guide future recommendations. This is aligned with its learning/analytics purpose, but the stored context can influence later outputs.

Skill content

`cat memory/config.json`; `cat memory/subreddit-profiles.json`; `python3 scripts/update_subreddit_profile.py`

Recommendation

Review the local memory files periodically, avoid storing confidential business details unless needed, and clear or edit stale/incorrect entries.