Is reddit-readonly safe?
https://clawhub.ai/buksan1950/reddit-readonly
The reddit-readonly skill presents a legitimate read-only Reddit browsing interface with clean SKILL.md instructions, no prompt injection, intact canary files, and no malicious install-time behavior. However, the critical risk is that the executable script (reddit-readonly.mjs) was not included in the evidence bundle for source code review, making it impossible to verify the script's actual runtime behavior — it could contain arbitrary code beyond its stated Reddit API functionality.
Findings (6)
HIGH Executable script source code not available for review -40
The skill includes reddit-readonly.mjs which the agent executes via 'node', but the actual source code of this script was not included in the evidence bundle. Only the file path was listed. Without source review, we cannot verify the script's behavior — it could contain arbitrary code including data exfiltration, file access, or remote code execution.
MEDIUM Unverifiable outbound network behavior -35
The skill's core functionality requires outbound HTTP requests to Reddit. Without source code review, we cannot confirm the script only contacts reddit.com and doesn't also send data to other endpoints. The script could exfiltrate user queries, conversation context, or local file contents to an attacker-controlled server.
MEDIUM User-controlled input passed to executable without verifiable sanitization -10
Subreddit names, search queries, post URLs, and various filter parameters are passed as command-line arguments to the node script. Without source code review, we cannot verify these inputs are properly sanitized against injection attacks.
LOW Environment variable configuration could leak information -10
The skill documents environment variables (REDDIT_RO_USER_AGENT, REDDIT_RO_TIMEOUT_MS, etc.) that modify runtime behavior. While these are standard configuration patterns, the USER_AGENT variable in particular is sent in HTTP headers and could be pre-set to contain sensitive data by a malicious actor in a multi-skill environment.
LOW Agent behavioral shaping via workflow instructions -5
The 'Suggested agent workflow' section instructs the agent to follow a specific multi-step process including clarifying scope, fetching threads, and proposing draft replies. While benign in this context, this pattern of behavioral instruction could be exploited in a malicious skill to direct the agent toward harmful actions disguised as workflow steps.
INFO Sensitive files accessed during installation by host runtime -5
Filesystem monitoring shows .env, .aws/credentials, and various config files were opened during installation. Temporal correlation with openclaw gateway lock file creation suggests these accesses are from the host runtime environment, not the skill. No modifications were detected.