Back to skill
Skillv1.0.0
ClawScan security
Reddit Ads Strategy: Subreddit Targeting and Community-Aware Advertising (WIP) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 12, 2026, 1:44 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only Reddit ad strategy guide and its requirements and instructions are consistent with that purpose.
- Guidance
- This skill appears to be a harmless strategy guide. Before using it, remember: do not share Reddit account passwords or full access credentials with an agent (instead use OAuth tokens with limited scopes if automation is needed); decline to upload CSVs or secret keys unless you specifically want the agent to manage campaigns and you trust the source. Also confirm the skill's source (homepage/adkit.so) if you plan to follow any instructions that require connecting to external services — the skill itself does not request any credentials or perform network actions.
- Findings
[regex_scan_empty] expected: The static scanner found no matches because this is an instruction-only skill with no code files; this is expected for a README-style guidance skill.
Review Dimensions
- Purpose & Capability
- okName/description match the actual content: an advisory guide for Reddit campaigns. The skill declares no binaries, env vars, or installs, which is appropriate for a strategy-only skill.
- Instruction Scope
- okSKILL.md contains only advisory content and interactive guidance (ask before advising). It does not instruct the agent to read files, access environment variables, run shell commands, or send data to external endpoints.
- Install Mechanism
- okNo install spec and no code files — minimal footprint and no disk writes or third-party downloads, which is appropriate for a documentation-style skill.
- Credentials
- okThe skill requests no credentials, config paths, or environment variables. This is proportionate for a strategy-only guide.
- Persistence & Privilege
- okalways:false and default invocation settings are used. The skill does not request persistent or elevated privileges and does not modify system/other-skill settings.