Reddit API

v1.0.3

Analyze Reddit workflows with JustOneAPI, including post Details, post Comments, and keyword Search.

⭐ 0· 27·1 current·1 all-time

by@justoneapi

MIT-0

Download zip

LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.

Security Scan

Capability signals

Requires OAuth token

These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal

Benign

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

Name, description, required binary (node), and required env var (JUST_ONE_API_TOKEN) align with a small API wrapper for Reddit provided by JustOneAPI. The operations and base URL point to api.justoneapi.com which matches the homepage.

ℹ

Instruction Scope

SKILL.md instructs the agent to call the included bin/run.mjs with --operation and --token and to only use JUST_ONE_API_TOKEN for JustOneAPI requests. The only minor scope concern: the CLI usage passes the token as a command-line argument (and the implementation sends it as a query parameter), which can expose the token in process listings or server logs on some systems. Functionally, the instructions otherwise stay within the stated purpose and do not read unrelated files or env vars.

✓

Install Mechanism

No install spec and no external downloads; the skill includes a small Node script (bin/run.mjs). This is low-risk compared with remote installers.

✓

Credentials

The skill only requires a single API token (JUST_ONE_API_TOKEN), which is proportional to the described API-calling functionality. No unrelated secrets or config paths are requested.

✓

Persistence & Privilege

The skill is not set always:true, does not request system-wide config changes, and does not modify other skills. Autonomous invocation is allowed (the platform default) but not combined with any other concerning privileges.

Assessment

This skill appears to do what it claims: call JustOneAPI endpoints for Reddit data. Before installing: 1) Confirm you trust JustOneAPI (requests go to https://api.justoneapi.com). 2) Keep JUST_ONE_API_TOKEN private — prefer supplying it via environment rather than as a visible CLI argument when possible (passing secrets on a command line can expose them to other users via ps or to logs). 3) Note the token is sent as a query parameter to the upstream API (common for some services but may be logged by intermediaries). If you are comfortable with those tradeoffs, the skill is coherent with its stated purpose.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e9b7qv0kdgzg0f7ekdyxz41849f8a

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsnode

EnvJUST_ONE_API_TOKEN

Primary envJUST_ONE_API_TOKEN