Reddit (read only - no auth)
PassAudited by ClawScan on May 10, 2026.
Overview
The skill appears to provide disclosed read-only Reddit browsing, with the main cautions being external Reddit requests, local Node execution, and limited provenance information.
This looks like a purpose-aligned read-only Reddit browsing skill. Before installing, be comfortable with the agent sending your Reddit search terms and requested post or subreddit names to Reddit, and prefer reviewing the full script/provenance because the source is listed as unknown. No Reddit credentials are needed.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Search terms, subreddit names, and requested post URLs may be sent to Reddit when the agent uses the skill.
The skill runs a local command that sends user-supplied Reddit search terms to an external service. This is disclosed and central to the skill's read-only Reddit browsing purpose.
node {baseDir}/scripts/reddit-readonly.mjs search all "<query>" --limit 10Use non-sensitive queries and keep limits modest; review results before acting on them manually.
A user has less external context for who maintains the skill or where to verify updates.
The runnable skill has no declared upstream source or homepage, which limits provenance checks even though the visible behavior is coherent and read-only.
Source: unknown; Homepage: none
Install only if you trust the registry owner or can inspect the full included script before use.
The agent may execute the included script locally to fetch Reddit data.
The skill operates by executing an included Node.js script. This is expected for its CLI-based design, but users should understand that local code will run with network access.
node {baseDir}/scripts/reddit-readonly.mjs posts <subreddit>Ensure Node.js is from a trusted installation and review the script if you require a high-assurance environment.