Environment variable access combined with network send.
Critical
- Code
- suspicious.env_credential_access
- Location
- scripts/reddit-readonly.mjs:16
Security audit
Security checks across malware telemetry and agentic risk
This skill appears to be a disclosed read-only Reddit browsing helper that runs a local Node script and sends user-directed Reddit queries to Reddit only.
Install only if you are comfortable with a local Node script making public requests to reddit.com and sending the subreddit names, search terms, and post URLs you ask it to inspect. No Reddit credentials are required, and the visible artifacts do not show posting or account mutation.
65/65 vendors flagged this skill as clean.
Detected: suspicious.env_credential_access