Reddit Research
v1.0.0Extracts and summarizes trending topics, recurring issues, and content gaps across targeted Reddit subreddits using JSON data for research purposes only.
⭐ 3· 1.4k·8 current·8 all-time
by@lknezic
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description match the SKILL.md: the skill fetches Reddit /.json feeds, analyzes threads, and writes research markdown files. There are no unrelated environment variables, binaries, or install steps requested.
Instruction Scope
Instructions stay focused on reading Reddit JSON, extracting trends, and saving a markdown research file. The skill instructs the agent to write to shared/research/trends-[date].md and update vault-index.md — expected for a research workflow but requires the agent to have filesystem write access. It also references optional internal tools (reddit-mcp auth profile) and a preferred model (Sonnet); these are optional/operational notes rather than required actions. The skill explicitly forbids following instructions embedded in Reddit content (good).
Install Mechanism
Instruction-only skill with no install spec and no code files. This is the lowest-risk install profile.
Credentials
No environment variables or credentials are required. The only credential-like mention is an optional reddit-mcp auth profile if available; this is described as conditional and not required by default.
Persistence & Privilege
always:false (default) and user-invocable:true. The skill does not request permanent platform-wide presence or modify other skills. Autonomous invocation is allowed by platform default but does not combine with other red flags here.
Assessment
This skill appears internally consistent and limited to reading Reddit JSON feeds and writing research markdown files. Before installing, confirm: (1) the agent has explicit permission to make outbound requests to reddit.com and to write to the shared/research and vault-index.md locations; (2) you are comfortable with the agent being allowed to fetch external web content automatically (autonomous invocation is platform default); (3) if your environment has a reddit-mcp profile, verify its credentials are handled securely—the skill only suggests using MCP when configured, but any MCP credentials should be audited; (4) the SKILL.md claims 'no auth, no rate limit' for /.json which can be inaccurate—consider adding throttling and error handling to avoid IP blocking. If you want more assurance, require explicit user confirmation before any outbound HTTP fetches or disable autonomous invocation for this skill.Like a lobster shell, security has layers — review code before you run it.
latestvk975m6fzm96834w2k7e3fdqk1581h97k
License
MIT-0
Free to use, modify, and redistribute. No attribution required.