Reddit Quote Carousel

by psyduckler · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
Downloads: 679 · Stars: 0 · Active Installs: 0 · Versions: 1
Install in OpenClaw
/install reddit-quote-carousel
Description
Create an Instagram carousel from a popular-picks list with Reddit quotes. Cover slide uses "clean" style with "Top CATEGORY in Destination" title. Each attr...
Usage Guidance
This skill's description is plausible, but its runtime instructions assume local scripts, repository hosting, and Instagram publishing credentials that are not declared. Before installing or using it, ask the author:
  1. Where does the overlay.py script come from? Provide an install or dependency manifest instead of a hard-coded /Users/psy path.
  2. How will Instagram publishing and repo hosting be authenticated? The skill should explicitly declare required environment variables (Instagram token, git/CI deploy key) and request only those it needs.
  3. Confirm licensing/copyright for using downloaded Instagram photos and for reprinting Reddit text; ensure proper attribution and permissions.
If you proceed, test the skill in a sandboxed environment, do not provide broad credentials until you understand how they will be used, and prefer a version that documents installs and required secrets instead of relying on implicit local files.
Capability Analysis
Type: OpenClaw Skill
Name: reddit-quote-carousel
Version: 1.0.0
The skill is classified as suspicious due to critical vulnerabilities. The `SKILL.md` file demonstrates a shell injection risk in Sub-agent 2, where user-controlled and scraped content (e.g., `{REDDIT_QUOTE}`, `{CATEGORY}`) is directly interpolated into `python3` command-line arguments without apparent sanitization, potentially leading to arbitrary command execution. Additionally, the `popular_picks_url` parameter in Sub-agent 1 presents a Server-Side Request Forgery (SSRF) or Local File Inclusion (LFI) risk if the `web_fetch` function is not properly restricted, allowing access to internal network resources or local files.
Capability Assessment
Purpose & Capability
The name/description (build an Instagram carousel from Reddit quotes) is plausible, but the runtime instructions assume access to a local overlay script, to a 'tabiji' repo for hosting, and to publish-to-Instagram steps. None of those capabilities or required credentials are declared. The skill therefore asks for capabilities beyond what its metadata indicates.
Instruction Scope
SKILL.md tells the agent to fetch web pages, download candidate images, vision-score them, write a manifest to /tmp, run a hard-coded Python script at /Users/psy/.openclaw/.../overlay.py, and host/publish images in a tabiji repo and to Instagram. These instructions reference specific local filesystem paths, a repo write/publish flow, and external publish actions — all of which grant broader access than the skill's manifest shows.
Install Mechanism
There is no install spec (instruction-only), which is low-risk in itself, but the skill assumes the presence of a specific Python script in a user workspace and other tooling. That implicit dependency is not installed or declared, making the instructions non-portable and potentially failing or causing the agent to try to access unexpected local files.
Credentials
The skill declares no required environment variables or credentials, yet publishing to Instagram and hosting images in a repo normally require authentication tokens (Instagram API credentials, git credentials or CI deploy keys). The SKILL.md does not state how authentication is supplied, so secrets and access needed by the actions are missing from metadata — a proportionality mismatch.
Persistence & Privilege
always is false and the skill itself doesn't request permanent platform-level presence. However, the instructions direct writing to a code repo (img/instagram/) and running /Users/psy/... scripts — actions that could modify project state or require repository push permissions. That's a privilege/impact concern even though the skill doesn't set always:true.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install reddit-quote-carousel
  3. After installation, invoke the skill by name or use /reddit-quote-carousel
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release
Metadata
Slug reddit-quote-carousel
Version 1.0.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Reddit Quote Carousel?

Create an Instagram carousel from a popular-picks list with Reddit quotes. Cover slide uses "clean" style with "Top CATEGORY in Destination" title. Each attr... It is an AI Agent Skill for Claude Code / OpenClaw, with 679 downloads so far.

How do I install Reddit Quote Carousel?

Run "/install reddit-quote-carousel" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Reddit Quote Carousel free?

Yes, Reddit Quote Carousel is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Reddit Quote Carousel support?

Reddit Quote Carousel is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Reddit Quote Carousel?

It is built and maintained by psyduckler (@psyduckler); the current version is v1.0.0.
