Back to skill

Security audit

Maxhub Reddit

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed read-only Reddit research skill that sends queries to MaxHub, with some privacy-sensitive public-user lookup features users should control deliberately.

Install only if you are comfortable routing Reddit searches, usernames, post IDs, and related query context through MaxHub at https://www.aconfig.cn. Use it for read-only research, keep the MAXHUB_API_KEY private, avoid providing Reddit cookies or session credentials, and ask for confirmation before looking up a specific person’s comment or post history.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The documented `check_subreddit_muted` endpoint reveals user-specific account state (`isMuted`) rather than purely public Reddit community data. In a skill advertised as focused on public community analysis and read-only research, exposing private preference/state data broadens data access beyond user expectations and can leak behavioral information about the authenticated account.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill instructs authenticated requests to an external service and operates on Reddit queries, post IDs, comment cursors, usernames, and other context-bearing identifiers, but it does not disclose that this information will be transmitted to https://www.aconfig.cn. In a read-only data skill this is not remote code execution, but it is still a meaningful privacy and transparency issue because user intent, search targets, and possibly sensitive investigation topics may be exposed to a third-party API.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger table contains very broad phrases such as “发现”, “找人”, “精选”, and “热门帖子”, which can match ordinary conversational requests and cause the agent to invoke this skill when the user did not clearly intend Reddit data access. In a read-only OSINT-style skill, this is not direct code execution, but it can still lead to unintended external queries, privacy-relevant retrieval of UGC, and incorrect workflow chaining based on ambiguous intent.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger phrase "发现" is extremely broad and can easily match ordinary user language unrelated to this recipe, causing the agent to invoke the explore flow unexpectedly. In a Reddit data retrieval skill, this can lead to unintended external requests, irrelevant data exposure in responses, and tool misrouting that bypasses user intent precision.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger phrase "找人" is overly broad for a skill that performs Reddit user search, because it can match common conversational language unrelated to explicit consent or platform-specific lookup intent. In this skill context, that increases the chance an agent invokes user-profile search on ambiguous requests, which can lead to unnecessary collection or display of public profile data and analysis of user-generated content containing personal or sensitive information.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger phrases for invoking this recipe are very broad ('用户帖子', '看看ta的帖子') and do not constrain user identity, consent, or investigative scope. In a skill that fetches Reddit user profiles and post history, this can cause unintended invocation on vague prompts and facilitate casual collection of a user's activity history, increasing privacy and over-collection risks.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The comment-related trigger phrases ('用户评论', 'ta的评论') are even more sensitive because they can expose a user's discussion history, opinions, and potentially personal or sensitive data embedded in comments. Because the phrases are ambiguous and underspecified, the agent may trigger this recipe from loose conversational context and retrieve comment history without sufficiently explicit user intent.

Missing User Warnings

Low
Confidence
91% confidence
Finding
The document instructs agents to send requests with a bearer API key to an external service but does not explicitly warn that usernames, query context, and any user-supplied content may be transmitted off-platform. In this skill, that matters because the skill is designed to analyze Reddit content and user data, so operators may unintentionally send personal or sensitive data to a third-party endpoint without clear disclosure.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.