Security audit

Reddit Search

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Reddit lookup tool that sends user-directed queries to Reddit and shows public subreddit/post information.

Install only if you are comfortable sending subreddit names and search terms to reddit.com. Avoid entering secrets, private project names, or internal identifiers as search queries; the skill does not appear to use credentials, access local data, or persist anything.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 78% confidence
Finding: The skill sends user-provided subreddit names and search queries to Reddit, but the description does not clearly warn users that their inputs are transmitted to an external service. This can create a privacy and data-handling transparency issue, especially if users enter sensitive project names, internal terms, or identifiers assuming the tool is purely local.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal