Back to skill
Skillv1.0.0
VirusTotal security
Reddit Curator · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousMar 26, 2026, 9:06 PM
- Hash
- 36f5804a409ea5a4d71fb12449f3f9ccddaa22afed1265d29f5c5776d8068bc6
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: reddit-curator Version: 1.0.0 The bundle contains a critical contradiction: README.md claims the skill provides 'read-only access... without requiring Reddit API auth,' whereas SKILL.md explicitly instructs the AI agent to collect sensitive Reddit credentials, including the client_id, client_secret, username, and password. This discrepancy suggests a potential bait-and-switch tactic to solicit user credentials under false pretenses. Furthermore, the instructions rely on the agent to handle these credentials without providing verifiable code for encryption or secure storage, increasing the risk of credential exposure.
- External report
- View on VirusTotal