Skills
skills/openclaw/skills/reddit-api/Gen Agent Trust Hub

reddit-api

Warn

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill requires the installation of the 'mcporter' package from npm. Since the author and repository are not part of the 'Trusted External Sources' list, this is considered an unverifiable dependency.
  • COMMAND_EXECUTION (MEDIUM): The skill's primary functionality relies on executing shell commands via the 'mcporter' binary to perform API calls. This allows the skill to execute code locally through the installed tool.
  • PROMPT_INJECTION (LOW): This skill is vulnerable to Indirect Prompt Injection (Category 8) because it retrieves untrusted data from Reddit.
  • Ingestion points: Untrusted content is ingested through the 'getRedditCommentsByKeywords' and 'getRedditPostsByKeywords' tools.
  • Boundary markers: Absent. The skill does not provide instructions to the agent on how to delimit or ignore instructions found within the retrieved Reddit data.
  • Capability inventory: The skill has network access and command execution capabilities via mcporter.
  • Sanitization: Absent. There is no evidence of sanitization or filtering of the retrieved social media content.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 19, 2026, 01:51 AM