Reddit Skill
Security checks across malware telemetry and agentic risk
Overview
This appears to be a legitimate Reddit automation skill, but it asks agents to run or bootstrap an external ThreadPilot binary while handling Reddit account actions and credentials.
Install only if you trust the ThreadPilot upstream code and are comfortable letting it operate with your Reddit session. Prefer a test account or isolated environment, review or manually install the ThreadPilot binary before first use, keep duplicate-post protection enabled, and require dry-run previews plus explicit confirmation for every like, comment, or post.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.