Is hioliver933/reddit-spy safe?

https://github.com/openclaw/skills/tree/main/skills/hioliver933/reddit-spy

91
SAFE

This Reddit intelligence gathering skill appears to function as advertised without malicious behavior toward the user's system. While it uses stealth techniques and Tor for anonymized Reddit scraping, no evidence of data exfiltration, prompt injection, or system compromise was detected.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 75/100 · 5%

Findings (4)

MEDIUM Uses Tor for anonymized access -10

The skill uses Tor SOCKS5 proxy for anonymized Reddit access, which could be concerning in corporate or restricted environments where Tor usage is prohibited.

MEDIUM Designed to circumvent bot detection -10

The skill explicitly mentions bypassing Reddit's bot detection and rate limiting mechanisms, which could potentially violate Reddit's terms of service.

LOW Uses browser automation framework -5

The skill includes Playwright for browser automation, which while legitimate for this use case, could potentially be repurposed for other activities.

INFO Collects external data -5

The skill is designed to collect and analyze data from Reddit, which is its intended purpose but involves data collection activities.