Reddit API

Security checks across malware telemetry and agentic risk

Overview

This skill is a documented Reddit data API guide that uses an agntdata API key and does not include hidden code or persistence.

Install only if you are comfortable giving the agent access to an agntdata API key and sending Reddit query details to agntdata. Treat the key like a password, avoid submitting sensitive investigation targets or personal data unless approved, and review the separate @agntdata/openclaw-reddit plugin independently before installing it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill clearly instructs users to send usernames, subreddit names, search queries, post URLs, and a free-form use-case description to a third-party API, but it does not explicitly warn that this data leaves the local environment. This is dangerous because users may unknowingly transmit sensitive or proprietary investigative targets, research topics, or customer-linked identifiers to an external service.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal