Reddit Cli
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone who can read these environment variables or shell startup files may be able to use the user's Reddit session until the cookies expire or are revoked.
The skill asks the user to provide Reddit browser session cookies, which are account authentication material. This is disclosed and used for the stated Reddit CLI purpose.
export REDDIT_SESSION="your_reddit_session_cookie" export TOKEN_V2="your_token_v2_cookie" # optional
Use this only on a trusted machine, avoid sharing shell profiles or logs containing these values, and log out or revoke sessions if the cookie may have been exposed.
If the remote GitHub file changes, a user following this install example could run different code than the code reviewed here.
The README gives a user-directed download from a mutable GitHub branch without a pinned commit or checksum. This is not automatic behavior in the reviewed skill, but users following the README could fetch code that differs from the reviewed artifact.
curl -o reddit-cli.js https://raw.githubusercontent.com/kelsia14/reddit-cli/main/scripts/reddit-cli.js
Prefer the reviewed packaged script, or use a pinned commit and verify the file contents before running it.