ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Reddit Explore

v0.0.3

This skill should be used when the user asks to "search Reddit", "explore Reddit posts", "find Reddit discussions about", "summarize Reddit opinions on", "what does Reddit think about", or wants to gather and summarize community opinions from Reddit on a specific topic.

0· 1.1k·0 current·0 all-time
by@netmsglog
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The skill claims to search Reddit and summarizes results. The included script calls Apify via apify-client and uses APIFY_TOKEN — exactly what you'd expect for an Apify-based Reddit scraper. Required binary (python3) and primaryEnv (APIFY_TOKEN) align with the stated functionality.
Instruction Scope
SKILL.md limits actions to running the included reddit_search.py script, reading its JSON output, and summarizing posts. It does not instruct the agent to read unrelated files, access other environment variables, or transmit data to unknown endpoints. Error handling and setup guidance are narrow and relevant.
Install Mechanism
This is instruction-only with an included small Python script; there is no install spec that downloads or executes arbitrary remote archives. The only runtime dependency is the apify-client Python package, which the SKILL.md instructs the user to install via pip if missing.
Credentials
Only APIFY_TOKEN is required and is justified because the script uses Apify's API. No unrelated secrets or multiple credentials are requested. The SKILL.md and script both reference APIFY_TOKEN and no additional environment variables are accessed.
Persistence & Privilege
The skill is not set to always:true and registry metadata shows disable-model-invocation:true, limiting autonomous invocation — this reduces risk. The skill does not request writing to other skills' config or system-wide settings.
Assessment
This skill appears to do what it says: it runs a small Python script that uses your Apify API token to call the trudax/reddit-scraper-lite actor and returns Reddit posts for summarization. Before installing: 1) Verify provenance — the package has no homepage and an unknown source; if you don't trust the publisher, inspect the included files (scripts/reddit_search.py and references) yourself. 2) Understand the credential you provide: APIFY_TOKEN grants access to your Apify account and may incur costs; use a token with limited permissions if possible and monitor billing. 3) Confirm you are comfortable installing the apify-client Python package via pip. 4) Be aware scraped Reddit content is public but may contain personal data — consider privacy needs before aggregating or sharing results. 5) Because disable-model-invocation is true, the model won't call this skill autonomously; if you later enable autonomous use, reassess permissions and provenance. If you want higher assurance, request the publisher's homepage or a signed/reviewed release, or review the apify actor (trudax/reddit-scraper-lite) on Apify to confirm expected behavior.

Like a lobster shell, security has layers — review code before you run it.

latestvk9766q9c087eh0bcf046bq0sh980yz7g

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔍 Clawdis
Binspython3
EnvAPIFY_TOKEN
Primary envAPIFY_TOKEN

Comments