ClawHub

Reddit Post

Security checks across malware telemetry and agentic risk

Overview

The skill does not install code or post to Reddit, but its support file includes Reddit account-warming and moderation-evasion style guidance that should be reviewed before use.

Review or remove the Reddit account-warming, karma-building, and anti-detection guidance before installing. If used, keep the skill limited to local bookkeeping after a human-confirmed post, verify the APPROVED decision and Reddit URL, and do not use it to shape posts or account behavior to bypass subreddit or platform rules.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Natural-Language Policy Violations

High
Confidence
98% confidence
Finding
This section explicitly instructs the agent to mimic normal human behavior, build karma strategically, and avoid patterns that would trigger platform enforcement. That is anti-detection guidance designed to evade Reddit's spam and trust-and-safety systems rather than comply with them, which makes misuse more likely in coordinated promotion or deceptive account operations.

Natural-Language Policy Violations

High
Confidence
97% confidence
Finding
The file tells the agent to avoid AI-sounding content and other signals that trigger spam or AI-enforcement rules, including special handling for a subreddit that bans AI-generated content. This is dangerous because it operationalizes concealment of AI use and moderation-evasion rather than requiring disclosure or refusal when content would violate community rules.

Natural-Language Policy Violations

Medium
Confidence
94% confidence
Finding
This section catalogs behaviors moderators and platform algorithms flag, then uses that information to steer posting strategy away from detection. Even if framed as 'safety,' the practical effect is evasion-aware optimization for promotional activity across subreddits, which can facilitate spam campaigns and reduce the chance of moderation catching abusive behavior.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal