Reddit Explore
PassAudited by ClawScan on May 1, 2026.
Overview
This skill appears to do what it claims—search Reddit through Apify—while requiring users to notice the Apify token, external query sharing, and unpinned Python dependency.
Before installing, make sure you are comfortable using Apify for Reddit searches, install the Python dependency in a trusted environment, use a dedicated Apify token if available, monitor credit usage, and avoid entering sensitive private topics.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Searches may consume Apify credits and rely on the user's Apify account authority.
The script authenticates to Apify with the user's token, granting the skill whatever Apify account and credit/billing access that token allows. This is disclosed and purpose-aligned for the Apify integration.
token = args.token or os.environ.get("APIFY_TOKEN") ... client = ApifyClient(token)Use a dedicated Apify token if possible, keep it out of chats and logs, and monitor Apify account usage.
Private or sensitive search topics would be shared with Apify's infrastructure and the selected actor.
The user-provided search query is sent to a remote Apify actor. This is central to the skill's purpose and is disclosed, but it is still an external data flow.
"searches": [args.query] ... client.actor("trudax/reddit-scraper-lite").call(run_input=run_input)Avoid searching for topics you would not want sent to Apify, and review Apify's privacy and actor policies if the topic is sensitive.
The installed Python package version may change over time or come from the user's configured package index.
The setup uses an unpinned pip package install rather than a locked dependency version. The dependency is expected for this Apify workflow, but users should be aware of normal package supply-chain exposure.
apify-client is installed: `pip3 install apify-client`
Install from a trusted package index, preferably in a virtual environment, and pin or review the apify-client version in controlled environments.
A careless agent could be influenced by wording inside Reddit posts instead of treating it only as material to summarize.
The skill intentionally brings public Reddit post text into the agent's context for summarization. That content is untrusted and could contain instructions or misleading text, though the artifacts do not tell the agent to obey it.
Read the JSON output. Each item contains: ... `body` - Post text content
Treat Reddit post bodies strictly as untrusted source data and summarize them without following any instructions they contain.