Back to skill
Skillv1.0.0
VirusTotal security
Reddit Spy · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:17 AM
- Hash
- 4af8625a7f058309950922f613c3b4c052990d588d492c218b5d42e90141c822
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: reddit-spy Version: 1.0.0 The skill is designed for 'Stealth Reddit intelligence' and uses various legitimate, albeit privacy-sensitive, techniques like Tor, Reddit OAuth, and browser automation (Playwright) to achieve its goal. It accesses environment variables for credentials and saves cookies for session persistence, which aligns with its stated purpose. However, the `browser_stealth.py` module uses Playwright with `--no-sandbox` and `--disable-setuid-sandbox` flags. While often used for headless browsers in containerized environments, these flags disable critical security isolation features, creating a vulnerability that could be exploited if the browser process itself is compromised. This constitutes a risky capability without clear malicious intent, classifying the skill as suspicious.
- External report
- View on VirusTotal