Skill v1.0.1

ClawScan security

Reddit Researcher · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 13, 2026, 10:38 PM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's requests and runtime instructions match its stated purpose (searching and summarizing Reddit) and do not ask for unrelated privileges or risky installs.
Guidance
This skill is internally consistent and behaves like a simple Reddit scraper/helper. Before installing: (1) only provide Reddit credentials if you trust the skill — use a dedicated account and rotate credentials; (2) prefer a secrets manager over environment variables in production; (3) follow Reddit's API terms and rate limits to avoid bans; (4) note the skill will make network requests to reddit.com and may retrieve public user-generated content, so consider privacy/regulatory requirements for downstream use. If you need verification of network targets, ask the publisher for a homepage or source repository (none is provided).

Review Dimensions

Purpose & Capability
ok: Name/description describe Reddit search and analysis and the SKILL.md only asks for Reddit API access (optional) and common CLI tools (curl, jq). The declared optional environment variables and oauth credential align with this purpose.
Instruction Scope
ok: Instructions are limited to making HTTP calls to reddit.com endpoints, obtaining an OAuth token, and parsing JSON. They do not instruct reading arbitrary local files, accessing unrelated services, or exfiltrating data to third-party endpoints.
Install Mechanism
ok: No install spec or code files are included (instruction-only), so nothing will be written to disk by the skill itself. This is the lowest-risk install posture.
Credentials
ok: No required environment variables or secrets are enforced. The SKILL.md documents optional Reddit credentials (client id/secret/user agent) which are appropriate and proportionate for higher-rate authenticated API access.
Persistence & Privilege
ok: Skill is not always-enabled and does not request elevated platform privileges or modify other skills/configs. Autonomous invocation is allowed by platform default but not combined with other concerning flags.