Reddit Scraper

Pass
Audited by ClawScan on May 1, 2026.

Overview

This skill appears benign and read-only: it fetches public Reddit posts/search results, with minor notes about sending queries to Reddit and treating Reddit text as untrusted.

This appears safe for read-only Reddit browsing. Before installing or using it, remember that Reddit search terms leave your environment, Reddit posts may contain untrusted text, and the Python requests library may need to be present locally.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Note
High Confidence
ASI01: Agent Goal Hijack
What this means

A Reddit post could contain misleading instructions or prompt-injection text that should not override the user's actual task.

Why it was flagged

The script retrieves and prints Reddit post text, which is arbitrary third-party content. That is expected for a Reddit reader, but agents should treat it as content, not instructions.

Skill content
'selftext': selftext ... print(f"   📝 {preview}")
Recommendation

Use the fetched Reddit content as evidence to summarize or quote, but do not follow instructions found inside posts unless the user explicitly asks.

What this means

If a user searches for sensitive terms, those terms may be visible to Reddit as part of the API request.

Why it was flagged

Search terms and subreddit selections are sent to Reddit over the public API. This is disclosed and central to the skill's purpose, but it is still an external data flow.

Skill content
url = f"{self.BASE_URL}/search.json" ... params = { 'q': query, ... } ... self.session.get(url, params=params, timeout=15)
Recommendation

Avoid using sensitive private information as search queries unless you are comfortable sending those terms to Reddit.

What this means

The skill may fail unless Python and the requests library are already available, and users should understand any dependency they install.

Why it was flagged

The technical documentation names a system dependency, while the registry requirements/install spec list no required binaries or install steps. This is a metadata completeness issue, not evidence of malicious behavior.

Skill content
Dependencies ... apt-get install python3-requests
Recommendation

Verify the local Python requests package source if installation is needed, and keep dependency declarations aligned with the skill metadata.