Reddit Spy

Things to consider before installing or running this skill: - It is designed to evade Reddit rate limits and blocks (Tor circuit rotation, UA rotation, Playwright stealth). That behavior can be used legitimately for research but can also violate Reddit's terms of service—review legal/terms implications. - The SKILL.md tells you to check and start a systemd Tor service (systemctl). Starting/stopping system services requires elevated privileges and affects the host; only run if you control the machine and understand the changes. - The code reads TOR_CONTROL_PASS from the environment but that variable is not declared in the registry meta; its default is the hard-coded weak string 'openclaw_tor'. If you run this, set TOR_CONTROL_PASS to a unique secret or disable circuit rotation. Leaving defaults may allow unwanted external control of your Tor instance. - The tool optionally asks for REDDIT_CLIENT_ID/SECRET/USERNAME/PASSWORD for OAuth. Only provide those credentials if you trust the skill author and are prepared to store them in your environment; the code will store cookies and tokens in ~/.openclaw/.reddit-spy-cache. - Playwright and related packages are heavy (download browsers). Consider running the skill in a sandboxed environment or VM to limit impact and to prevent accidental host-level changes. - If you intend to use proxies, be careful: REDDIT_PROXY_URL can include credentials (http://user:pass@proxy:port) — those will be read from your environment. - Recommendations: inspect/run code in a contained environment (VM/container), do not supply Reddit credentials unless necessary, set a strong TOR_CONTROL_PASS if you run Tor locally, and consider whether stealth scraping is acceptable for your use case and policy/legal constraints.