Is reddit-scraper safe?

https://clawhub.ai/javicasper/reddit-scraper

70
CAUTION

The reddit-scraper skill's Python source code is clean and does what it claims — reads Reddit posts via the public JSON API. However, the installation process accessed sensitive credential files (.env, .aws/credentials, auth-profiles.json) that have no legitimate relationship to a Reddit scraper. While no network exfiltration was observed during the monitored install window, the credential reads are a serious concern as the data could be staged for later exfiltration through the skill's legitimate Reddit API requests.

Category Scores

Prompt Injection 85/100 · 30%
Data Exfiltration 45/100 · 25%
Code Execution 60/100 · 20%
Clone Behavior 40/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 55/100 · 5%

Findings (8)

CRITICAL Install process accessed .env and AWS credentials -40

During skill installation, the process opened and read /home/oc-exec/.env and /home/oc-exec/.aws/credentials. A Reddit scraper has no legitimate reason to access AWS credentials or environment secrets during installation. While no network exfiltration was observed during the monitoring window, the credential reads represent unauthorized access to sensitive files.

HIGH Install process accessed agent auth profiles -20

The installation process read /home/oc-exec/.openclaw/agents/main/agent/auth-profiles.json, which contains agent authentication configurations. This file contains credentials for the agent's connected services.

HIGH Sensitive file reads during install create exfiltration risk -40

Although no immediate network exfiltration was detected, the skill read .env, .aws/credentials, and auth-profiles.json during installation. The data could be cached or encoded for later exfiltration through the Reddit API requests (e.g., encoding secrets in search queries sent to reddit.com, which would appear as legitimate skill operation).

MEDIUM Outbound HTTP requests to reddit.com could carry encoded data -15

The script makes HTTP GET requests to reddit.com with parameters including search queries and subreddit names. A sophisticated attacker could modify the script post-install to encode exfiltrated data in these parameters, making it look like normal Reddit browsing.

MEDIUM Executable Python script with network access -25

The skill includes a Python script that makes outbound HTTP requests. While the current code only contacts reddit.com, the script could be modified post-install to contact arbitrary endpoints. The agent is instructed to run this script via python3 command execution.

LOW Uses requests library for HTTP — expected but increases surface -15

The script imports and uses the requests library. This is expected for a Reddit scraper but means the skill has full HTTP client capabilities.

LOW Hardcoded root path in examples -15

SKILL.md examples use hardcoded path /root/clawd/skills/reddit/scripts/ which assumes root-level access. This could cause the agent to attempt execution in privileged directories.

INFO JIT cache files created in /tmp during install 0

Multiple jiti cache files were created in /tmp/jiti/ during installation. This appears to be standard behavior from the installer framework (JIT TypeScript compilation) rather than malicious activity.