Reddit Research

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Reddit research skill that reads public Reddit content and writes local research notes without evidence of hidden execution, exfiltration, or account-changing behavior.

Before installing, confirm that local research-note creation and index updates are acceptable in your workspace. If reddit-mcp is configured, keep it limited to reading/searching and avoid enabling posting or account-changing tools for this skill.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 93% confidence
Finding: The skill explicitly instructs the agent to write `shared/research/trends-[YYYY-MM-DD].md` and update `vault-index.md`, which are repository modifications. Even though these are expected workflow outputs, the lack of a clear user-facing warning or approval step means an automated run could change files without explicit confirmation, increasing the risk of unintended or silent repository edits.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal