Security audit

Reddit Researcher

Security checks across malware telemetry and agentic risk

Overview

This skill searches public Reddit content through external search/Reddit endpoints and saves local research output, with no hidden, destructive, or account-access behavior found.

Install only if you are comfortable sending Reddit research keywords, subreddit targets, and selected Reddit URLs to external search and Reddit services. Avoid sensitive business plans, personal data, or confidential topics, and remove cached/exported reports when the research should not remain on disk.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill description does not clearly warn that it performs outbound requests to search engines and Reddit, which can expose user-provided keywords or research topics to third parties. In an agent environment, undisclosed network access is security-relevant because users may unknowingly send sensitive queries off-platform.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal