ClawHub

Reddit Post

v1.0.0

Manages post-posting tasks by moving approved Reddit drafts to posted/, adding URLs, updating active tasks, and logging after Luka confirms posting.

0· 440·3 current·3 all-time
by@lknezic
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description align with bookkeeping after posting and the SKILL.md instructions implement that. However, the skill's metadata lists no required config paths or permissions while the instructions explicitly read and write many shared/* files; the metadata omission is inconsistent.
!
Instruction Scope
Runtime instructions direct the agent to read and modify files under shared/decisions/, shared/pending/, shared/posted/, and shared/memory/, and to write daily logs. Those file-system operations are narrowly scoped to post-posting bookkeeping (which is expected) but they are not declared in requires.config paths and therefore the skill's declared scope is incomplete. There are no commands or network endpoints in SKILL.md and the skill explicitly forbids posting to Reddit.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest install risk. Nothing is downloaded or written to disk by an installer.
Credentials
The skill requests no environment variables, credentials, or external API keys. That is coherent with its stated bookkeeping purpose. No unexpected secrets or network tokens are requested.
Persistence & Privilege
always:false and default autonomous invocation are set (normal). The skill does not request persistent/privileged system-wide configuration or credentials and does not claim to modify other skills.
What to consider before installing
This skill's instructions are consistent with a bookkeeping helper, but it will need permission to read and write files in shared/decisions/, shared/pending/, shared/posted/, and shared/memory/ — those paths are referenced in SKILL.md but not declared in the skill metadata. Before installing: (1) confirm the agent runner will grant the skill access only to the specific shared directories and not broader filesystem areas; (2) verify file permissions and backups for those folders; (3) test in a safe/dry-run environment (use sample files) to confirm behavior; (4) ask the publisher to update metadata to list the required config paths or explain why they were omitted; (5) remember the SKILL.md forbids posting to Reddit, but if you rely on autonomous invocation, monitor for any deviations (ensure logs/auditing are enabled). If you cannot confirm the file-access scope, treat the installation as higher risk.

Like a lobster shell, security has layers — review code before you run it.

latestvk974y0gf50ee6nnaxxfd2bahwh81gnya

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments