Reddit Researcher

Pass

Audited by ClawScan on May 1, 2026.

Overview

No suspicious behavior is evident; the skill is a Reddit research guide with expected external Reddit API use and optional Reddit credentials that users should handle carefully.

This looks safe to use as an instruction-only Reddit research helper if you are comfortable sending research queries to Reddit. Use anonymous access when possible, or create a dedicated Reddit app/account for OAuth, and avoid using personal secrets or sensitive search topics.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Research queries and targets may be visible to Reddit through API requests, and broad searches can collect public user content at scale.

Why it was flagged

The skill uses raw HTTP commands to query Reddit. This is central to the stated research purpose and appears read-only, but it sends user-chosen topics, subreddits, and usernames to Reddit.

Skill content

tools:
  - curl
  - jq
...
curl "https://www.reddit.com/search.json?q=OpenCore+problems&sort=new&time=week&limit=25"

Recommendation

Use the skill for user-directed research, keep searches scoped, avoid sensitive private topics, and respect Reddit rate limits and terms.

What this means

If a personal Reddit app secret or account is used carelessly, it could be exposed or used beyond the intended research workflow.

Why it was flagged

The skill supports optional Reddit OAuth/client credentials for higher API rate limits. This is purpose-aligned, but it still introduces credential handling.

Skill content

credentials:
  - name: reddit_oauth
    type: oauth2
    required: false
...
REDDIT_CLIENT_SECRET

Recommendation

Prefer anonymous access when it is sufficient; otherwise create a dedicated Reddit app/account, keep secrets out of logs and shared terminals, and rotate credentials if exposed.

What this means

A user may not see the optional credential and tool expectations from registry metadata alone before opening the skill instructions.

Why it was flagged

The registry metadata provides limited provenance and does not advertise the optional Reddit credential/env-var setup described by the skill. Because there is no install code and the credential use is disclosed in SKILL.md, this is a visibility note rather than a concern.

Skill content

Source: unknown
Homepage: none
...
Required env vars: none
Env var declarations: none
Primary credential: none

Recommendation

Read the skill instructions before use and verify any Reddit credential setup manually; publishers should align registry metadata with the SKILL.md frontmatter.