ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Reddit Researcher

v1.0.0

Scan Reddit for posts matching keywords and summarize findings. Uses Bing primary + Reddit JSON API fallback — robust against DuckDuckGo bot blocking. Use wh...

0· 96·0 current·0 all-time
by@kryzl19·duplicate of @kryzl19/reddit-researcher-agent

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for kryzl19/strd-reddit-researcher.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Reddit Researcher" (kryzl19/strd-reddit-researcher) from ClawHub.
Skill page: https://clawhub.ai/kryzl19/strd-reddit-researcher
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: curl
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install strd-reddit-researcher

ClawHub CLI

Package manager switcher

npx clawhub@latest install strd-reddit-researcher
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description match the code: scripts search the web/Reddit, fetch posts, and produce summaries. However, registry metadata lists no required env vars while SKILL.md requires REDDIT_KEYWORDS and optional REDDIT_SUBREDDITS/REDDIT_SEARCH_ENGINE. SKILL.md says cache is in ~/.openclaw/... but the scripts use a local ../cache directory. These inconsistencies mean the metadata and docs are not fully aligned with the actual capability.
Instruction Scope
Runtime instructions and scripts operate within the stated scope: they perform network searches (Bing/DuckDuckGo/Reddit), fetch Reddit JSON, extract titles/comments, and write local cache and export files. They do not attempt to read other user files or transmit data to unexpected third-party endpoints. Caveats: the scripts invoke additional system tools (python3, md5sum, stat -c, grep -P, cut, wc) that are not declared; some commands (stat -c, grep -P) are platform-specific and may fail on non-Linux hosts.
Install Mechanism
No install spec (instruction-only) and included scripts are simple shell/Python one-liners. Risk is low from an installer perspective, but the scripts will write cache and export files into directories relative to the skill and the user's filesystem.
Credentials
The skill does not request secrets or cloud credentials (no TOKENS/KEYS). However, SKILL.md requires REDDIT_KEYWORDS (required) and uses REDDIT_SUBREDDITS/REDDIT_SEARCH_ENGINE, yet the registry metadata did not list these env vars—an inconsistency. Also the scripts set custom User-Agent headers when querying external services (benign but notable).
Persistence & Privilege
The skill is not always-enabled and does not modify other skills or global agent configuration. It caches fetched pages to a local cache directory and writes export markdowns; that is standard and limited in scope.
What to consider before installing
What to consider before installing: - Functional fit: The scripts do match a 'Reddit researcher' purpose — they query search engines and Reddit, then summarize posts. - Mismatched metadata/docs: The registry lists no required env vars or binaries, but SKILL.md and the scripts expect REDDIT_KEYWORDS (required) and may use REDDIT_SUBREDDITS/REDDIT_SEARCH_ENGINE. The skill's documented cache path (~/.openclaw/...) does not match the actual ./cache directory used by the scripts. Ask the author to reconcile metadata and documentation before trusting automatic installs. - Undeclared dependencies: The scripts call python3, md5sum, stat (with -c), and rely on grep -P and other GNU-specific flags. Ensure these binaries exist on your system or run in a sandboxed environment. The registry only declared curl; that is insufficient. - Networking & scraping: The skill will make outbound requests to Bing, DuckDuckGo (html.duckduckgo.com), and reddit.com. If you or your org restricts outgoing traffic or forbids scraping, do not run it. Also be aware of Reddit's terms of service concerning automated scraping. - Files written: The skill caches responses and writes export markdown files. If you run this on sensitive hosts, confirm where files are written and review cache contents. - Practical steps: Review/patch the SKILL.md to declare REDDIT_KEYWORDS and required binaries, test the scripts locally in a disposable/sandbox environment, and ensure rate limits/robots policy are acceptable. If you need higher assurance, ask the publisher for an updated release that fixes metadata, documents dependencies (python3, coreutils), and clarifies cache paths. Given the inconsistencies (metadata vs. actual scripts and undeclared binaries) I recommend exercising caution (review and test manually) rather than installing blindly.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Binscurl
latestvk9748e5gmeeqvv0xazgvnc144n83mkzd
96downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@kryzl19
latest
Download

Reddit Researcher

Search Reddit for posts and comments matching your keywords, extract insights and pain points.

Environment Variables

VariableRequiredDefaultDescription
REDDIT_SUBREDDITSNoallComma-separated list of subreddits (e.g., technology,programming)
REDDIT_KEYWORDSYesComma-separated keywords to search for
REDDIT_SEARCH_ENGINENobingSearch engine: bing, google, or reddit (direct JSON API)

Scripts

scan.sh — Search Reddit

Searches Reddit for posts matching keywords using DuckDuckGo.

./scripts/scan.sh <keywords>

Output: List of Reddit post titles with URLs.

summarize.sh — Extract Pain Points

Fetches Reddit posts and extracts common themes, complaints, and requests.

./scripts/summarize.sh <post_urls_file>

Output: Markdown summary with pain points, desires, and patterns.

export.sh — Export Findings

Exports all research findings to a markdown file with timestamp.

./scripts/export.sh <summary_file>

Output: reddit-research-YYYY-MM-DD.md in the output directory.

Usage Example

export REDDIT_KEYWORDS="AI coding,ChatGPT,developer tools"
export REDDIT_SUBREDDITS="programming,technology,artificial"

# Search for posts
./scripts/scan.sh "$REDDIT_KEYWORDS" > posts.txt

# Summarize findings
./scripts/summarize.sh posts.txt

# Export results
./scripts/export.sh summary.md

Notes

  • Uses Bing as primary search engine, with Reddit JSON API and Google as fallbacks — designed to work even when DuckDuckGo blocks automated queries
  • Set REDDIT_SEARCH_ENGINE=reddit for direct Reddit API access (no search engine needed)
  • Respects rate limits; adds delays between requests
  • Results cached in ~/.openclaw/workspace/skills/reddit-researcher/cache/
  • Output format is Reddit markdown with proper link formatting

Comments

Loading comments...