Reddit

Security checks across malware telemetry and agentic risk

Overview

This Reddit skill is coherent and not malicious, but it gives an agent live posting and moderation power with broad persistent OAuth access and limited built-in safeguards.

Review before installing. Use a dedicated low-privilege Reddit account or app, grant only the OAuth scopes you actually need, avoid shared machines, restrict permissions on ~/.reddit-token.json, and require explicit human approval before using submit, reply, or moderation commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The README documents commands that can create posts, reply, and perform moderator actions like remove, approve, and sticky content, but it does not prominently warn that these operations change live Reddit state and may affect communities. In an agent context, exposing destructive or high-impact actions without explicit safety guidance increases the chance of unintended content changes or moderation abuse if the skill is invoked carelessly or by a compromised agent.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill exposes commands that can post, remove, approve, sticky, lock, and otherwise modify Reddit content, but it does not prominently warn users that these are destructive or high-impact actions. In an agent setting, this increases the chance of unintended moderation or posting activity, especially if a user or downstream automation invokes commands without understanding their effects.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script persists Reddit access and refresh tokens to ~/.reddit-token.json without setting restrictive file permissions or warning the user that long-lived credentials are being stored locally. On multi-user systems or in permissive umask configurations, another local process or user could read the refresh token and obtain ongoing account access, including posting and moderation actions.

Session Persistence

Medium
Category
Rogue Agent
Content
**Posting & Moderation** (requires OAuth):
1. Create a Reddit app at https://www.reddit.com/prefs/apps
2. Set environment variables (see Setup below)
3. Run `node scripts/reddit.mjs login` once to authorize
Confidence
76% confidence
Finding
Create a Reddit app at https://www.reddit.com/prefs/apps 2. Set environment variables (see Setup below) 3. Run `node scripts/reddit.mjs login` once to authorize --- ## Setup for Posting/Moderation

Session Persistence

Medium
Category
Rogue Agent
Content
## Setup (for posting/moderation)

1. Go to https://www.reddit.com/prefs/apps
2. Click "create another app..."
3. Select "script" type
4. Set redirect URI to `http://localhost:8080`
5. Note your client ID (under app name) and client secret
Confidence
76% confidence
Finding
create another app..." 3. Select "script" type 4. Set redirect URI to `http://localhost:8080` 5. Note your client ID (under app name) and client secret 6. Set environment variables: ```bash expo

VirusTotal

65/65 vendors flagged this skill as clean.
