Reddit Search
Security checks across malware telemetry and agentic risk
Overview
The skill appears to do what it says: it queries public Reddit JSON endpoints for subreddit and post information without credentials, persistence, or local data access.
This looks like a straightforward Reddit lookup tool. Before installing, note that your search terms and subreddit names will be sent to reddit.com, but the artifacts do not show credential use, local data access, persistence, or destructive behavior.
VirusTotal
64/64 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Search terms and requested subreddit names are sent to Reddit when the command is used.
The script makes outbound HTTP GET requests to Reddit, which is expected for a Reddit search/info skill and is limited to public Reddit JSON endpoints.
const REDDIT_BASE = 'https://www.reddit.com'; ... const response = await reddit.get(path);
Use it only for Reddit queries you are comfortable sending to Reddit; no credentials appear to be required.