Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill largely matches its Reddit purpose, but it requests high-impact Reddit credentials and broad OAuth/moderation authority without clear scoping or guardrails.
Install only if you intentionally want your agent to post and moderate Reddit. Avoid setting REDDIT_PASSWORD unless the maintainer explains why it is needed, review and reduce OAuth scopes where possible, protect or delete ~/.reddit-token.json when not in use, and require manual confirmation before any post, reply, or moderation action.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may unnecessarily expose their Reddit password to the agent runtime or other local processes that can read the environment.
The setup instructions ask users to put their Reddit account username and password into the agent environment. That is high-impact account credential exposure and is not declared in the registry metadata.
export REDDIT_USERNAME="your_username"
export REDDIT_PASSWORD="your_password"
Remove the password/username requirement unless it is truly needed, use OAuth authorization instead, and declare any required credentials explicitly in metadata.
If the token is misused, the agent or another local reader of the token file could act with broad Reddit account and moderator privileges.
The script requests and stores a long-lived OAuth token with broad Reddit posting and moderation scopes, including modmail, modconfig, contributors, and flair permissions.
const TOKEN_FILE = join(homedir(), '.reddit-token.json');
const SCOPES = 'read submit edit identity mysubreddits modposts modcontributors modmail modconfig modlog modself flair';
Request the minimum scopes needed for the documented commands, document each requested scope, and protect the token file with restrictive permissions.
An agent using this skill could create public posts/replies or remove/approve content if it misinterprets a request or acts too broadly.
The skill gives the agent direct commands for public posting, replying, and moderation actions, but the instructions do not include confirmation, subreddit allowlists, or review requirements.
node {baseDir}/scripts/reddit.mjs submit yoursubreddit --title "Weekly Discussion" --text "What's on your mind?"
node {baseDir}/scripts/reddit.mjs reply THING_ID "Your reply text here"
node {baseDir}/scripts/reddit.mjs mod remove THING_ID
Require explicit user confirmation before submit/reply/moderation actions and document which subreddits/actions are authorized.
Normally this just opens a browser, but shell-based launching can be more fragile if environment-derived values are malformed or malicious.
The login flow shells out to open the OAuth URL in a browser. This is purpose-aligned, but shell execution is broader than necessary.
exec(`${cmd} "${authUrl}"`);
Use a safer browser-opening method that avoids shell interpretation, or spawn the command with argument arrays.
