Oathe Security Badge

Is buksan1950/reddit-readonly safe?

https://github.com/openclaw/skills/tree/main/skills/buksan1950/reddit-readonly

93
SAFE

This skill provides legitimate read-only access to Reddit through public JSON endpoints with no malicious behavior detected. The code is clean, well-structured, and matches its stated purpose of browsing Reddit content without authentication.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 85/100 · 25%
Code Execution 95/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 90/100 · 10%
Behavioral Reasoning 98/100 · 5%

Findings (2)

INFO Sensitive Files Accessed During Session -15

Monitoring detected access to sensitive files including .env, SSH keys, AWS credentials, and other configuration files. However, analysis indicates this was likely from SSH/system processes during session establishment rather than the skill itself.

INFO Canary Files Accessed But Not Modified -10

While sensitive canary files were accessed during the audit session, final integrity checks confirm no modifications were made. The access pattern is consistent with normal SSH session initialization rather than malicious exfiltration.