ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Reddit Researcher Agent

v1.0.0

Scan Reddit for posts matching keywords and summarize findings. Uses Bing primary + Reddit JSON API fallback — robust against DuckDuckGo bot blocking. Use wh...

0· 105·0 current·0 all-time
by@kryzl19

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for kryzl19/reddit-researcher-agent.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Reddit Researcher Agent" (kryzl19/reddit-researcher-agent) from ClawHub.
Skill page: https://clawhub.ai/kryzl19/reddit-researcher-agent
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: curl
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install reddit-researcher-agent

ClawHub CLI

Package manager switcher

npx clawhub@latest install reddit-researcher-agent
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description align with the scripts: they search Reddit (via web search or Reddit JSON) and produce summaries. Requiring only curl (registry) is understating actual needs: the scripts legitimately call python3, md5sum, stat, grep -P and expect certain coreutils behavior, so the declared capability requirements are incomplete.
!
Instruction Scope
SKILL.md and scripts instruct network queries to Bing/DuckDuckGo/Reddit (expected), caching, and file reads/writes. However: SKILL.md says REDDIT_KEYWORDS is required yet registry lists no required env vars; SKILL.md mentions a cache path under ~/.openclaw/... but scripts use a local ../cache directory; summarize.sh expects markdown/URLs and writes caches and export.sh writes to a relative exports dir. The scripts also invoke python3 for JSON parsing and use grep -P, md5sum, stat -c, which are not declared. These mismatches grant the agent broader file/command access than the registry/doc declares.
Install Mechanism
Instruction-only skill with included shell scripts and no install spec; nothing is downloaded from external URLs during install. This is the lowest install risk. The runtime does make outbound HTTP requests (search engines, reddit), which is expected for this skill.
!
Credentials
No secrets or credentials are requested (appropriate), but the SKILL.md defines environment variables (REDDIT_KEYWORDS required, REDDIT_SUBREDDITS, REDDIT_SEARCH_ENGINE) that the registry did not declare as required. The scripts rely on values from environment variables and caller-provided args; the mismatch could cause surprise behavior. No external credentials are requested or exfiltrated by the code.
Persistence & Privilege
The skill is not always-enabled, does not request elevated privileges, and does not modify other skills or system-wide agent settings. It writes cache and export files to local relative directories only.
What to consider before installing
This skill appears to implement Reddit searching and summarization, but there are several implementation/documentation mismatches you should address before installing: - Missing declared runtime dependencies: the scripts call python3, md5sum, stat -c, and use grep -P; the registry only lists curl. Ask the author to add these to requires.bins or ensure the scripts degrade gracefully. Without them the skill may fail or behave unpredictably. - Environment variable mismatch: SKILL.md marks REDDIT_KEYWORDS as required and documents REDDIT_SEARCH_ENGINE/REDDIT_SUBREDDITS, but the registry lists no required env vars. Confirm how the skill should be provided inputs and whether the agent will prompt for them. - Documentation vs code inconsistencies: SKILL.md claims a cache location under ~/.openclaw/... but scripts use a local ../cache; clarify where files are written so you can review and control them. - Network activity: the scripts make outbound requests to third-party search engines and reddit.com. This is expected for the skill, but be aware of scraping/ToS and potential IP rate-limiting. The scripts set User-Agent strings (including a "research bot" UA) — consider changing to an explicit identifiable agent or using authenticated Reddit API access if appropriate. - Run in a sandbox first: because of the missing dependency declarations and file writes, test the scripts in an isolated environment (container or VM) and inspect the cache/export directories before using on sensitive hosts. If the author can update the registry to declare the actual runtime binaries and fix the documentation mismatches (cache path, required env vars), the skill's coherence will improve. Until then, treat it as suspicious and proceed cautiously.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Binscurl
automationvk9703fc07p63qf06v14w63wswh83ksbalatestvk9703fc07p63qf06v14w63wswh83ksbaredditvk9703fc07p63qf06v14w63wswh83ksbaresearchvk9703fc07p63qf06v14w63wswh83ksbasocialvk9703fc07p63qf06v14w63wswh83ksba
105downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@kryzl19
automationlatestredditresearchsocial
Download

Reddit Researcher

Search Reddit for posts and comments matching your keywords, extract insights and pain points.

Environment Variables

VariableRequiredDefaultDescription
REDDIT_SUBREDDITSNoallComma-separated list of subreddits (e.g., technology,programming)
REDDIT_KEYWORDSYesComma-separated keywords to search for
REDDIT_SEARCH_ENGINENobingSearch engine: bing, google, or reddit (direct JSON API)

Scripts

scan.sh — Search Reddit

Searches Reddit for posts matching keywords using DuckDuckGo.

./scripts/scan.sh <keywords>

Output: List of Reddit post titles with URLs.

summarize.sh — Extract Pain Points

Fetches Reddit posts and extracts common themes, complaints, and requests.

./scripts/summarize.sh <post_urls_file>

Output: Markdown summary with pain points, desires, and patterns.

export.sh — Export Findings

Exports all research findings to a markdown file with timestamp.

./scripts/export.sh <summary_file>

Output: reddit-research-YYYY-MM-DD.md in the output directory.

Usage Example

export REDDIT_KEYWORDS="AI coding,ChatGPT,developer tools"
export REDDIT_SUBREDDITS="programming,technology,artificial"

# Search for posts
./scripts/scan.sh "$REDDIT_KEYWORDS" > posts.txt

# Summarize findings
./scripts/summarize.sh posts.txt

# Export results
./scripts/export.sh summary.md

Notes

  • Uses Bing as primary search engine, with Reddit JSON API and Google as fallbacks — designed to work even when DuckDuckGo blocks automated queries
  • Set REDDIT_SEARCH_ENGINE=reddit for direct Reddit API access (no search engine needed)
  • Respects rate limits; adds delays between requests
  • Results cached in ~/.openclaw/workspace/skills/reddit-researcher/cache/
  • Output format is Reddit markdown with proper link formatting

Comments

Loading comments...