Downloads: 605
Stars: 0
Active Installs: 0
Versions: 1
Install in OpenClaw
/install reddit-spy
Description
Stealth Reddit intelligence -- browse, read, and analyze any subreddit without getting blocked. Multi-layer fallback (OAuth API -> Stealth HTTP -> Browser St...
Usage Guidance
Things to consider before installing or running this skill:
- It is designed to evade Reddit rate limits and blocks (Tor circuit rotation, UA rotation, Playwright stealth). That behavior can be used legitimately for research but can also violate Reddit's terms of service—review legal/terms implications.
- The SKILL.md tells you to check and start a systemd Tor service (systemctl). Starting/stopping system services requires elevated privileges and affects the host; only run if you control the machine and understand the changes.
- The code reads TOR_CONTROL_PASS from the environment but that variable is not declared in the registry meta; its default is the hard-coded weak string 'openclaw_tor'. If you run this, set TOR_CONTROL_PASS to a unique secret or disable circuit rotation. Leaving defaults may allow unwanted external control of your Tor instance.
- The tool optionally asks for REDDIT_CLIENT_ID/SECRET/USERNAME/PASSWORD for OAuth. Only provide those credentials if you trust the skill author and are prepared to store them in your environment; the code will store cookies and tokens in ~/.openclaw/.reddit-spy-cache.
- Playwright and related packages are heavy (download browsers). Consider running the skill in a sandboxed environment or VM to limit impact and to prevent accidental host-level changes.
- If you intend to use proxies, be careful: REDDIT_PROXY_URL can include credentials (http://user:pass@proxy:port) — those will be read from your environment.
- Recommendations: inspect/run code in a contained environment (VM/container), do not supply Reddit credentials unless necessary, set a strong TOR_CONTROL_PASS if you run Tor locally, and consider whether stealth scraping is acceptable for your use case and policy/legal constraints.
Capability Analysis
Type: OpenClaw Skill
Name: reddit-spy
Version: 1.0.0
The skill is designed for 'Stealth Reddit intelligence' and uses various legitimate, albeit privacy-sensitive, techniques like Tor, Reddit OAuth, and browser automation (Playwright) to achieve its goal. It accesses environment variables for credentials and saves cookies for session persistence, which aligns with its stated purpose. However, the `browser_stealth.py` module uses Playwright with `--no-sandbox` and `--disable-setuid-sandbox` flags. While often used for headless browsers in containerized environments, these flags disable critical security isolation features, creating a vulnerability that could be exploited if the browser process itself is compromised. This constitutes a risky capability without clear malicious intent, classifying the skill as suspicious.
Capability Assessment
Purpose & Capability
Name/description (stealth Reddit scraping) align with the code: OAuth, HTTP, Tor, Playwright and an archive service (PullPush) are all implemented and expected for the stated goal. Minor mismatch: _meta.json lists only Reddit env vars and proxy, but the code also reads TOR_CONTROL_PASS (not declared) and assumes a local Tor service—so not everything the code uses is declared in the manifest or SKILL meta.
Instruction Scope
SKILL.md explicitly instructs verifying/starting a systemd Tor service (systemctl start/status) and setting environment variables containing credentials and proxy URLs. Those instructions affect host services and may require root/privileged access; SKILL.md also suggests installing heavy dependencies (playwright). The runtime code persists cookies and browser storage to ~/.openclaw/.reddit-spy-cache. These actions extend scope beyond simple read-only API calls and should be made explicit to users and admins.
Install Mechanism
This is instruction-only (no install spec in registry) but includes requirements.txt that pulls playwright/playwright-stealth and curl_cffi — heavy, legitimate dependencies for browser automation and stealth. No downloads from untrusted URLs; install risk is moderate because Playwright installation can install browsers and requires extra steps (playwright install chromium).
Credentials
Declared optional envs (REDDIT_CLIENT_ID/SECRET/USERNAME/PASSWORD and REDDIT_PROXY_URL) match OAuth/proxy functionality. However, code reads TOR_CONTROL_PASS from environment (defaulting to a weak literal 'openclaw_tor') and the manifest does not declare this variable. Asking users to provide Reddit credentials and proxy URLs is reasonable but sensitive — the skill will persist cookies and potentially store OAuth tokens in process memory. The default TOR control password and undisclosed control variable are concerning.
Persistence & Privilege
always is false and the skill does not request autonomous platform-wide privileges. The skill writes cache/cookies to the user's home (~/.openclaw/.reddit-spy-cache) and may control a local Tor instance (circuit rotation) via the Tor control port if a password is available. It also suggests starting a systemd service, which affects the host. This persistence is limited to the user filesystem and a local Tor service, but it is materially capable of changing host network behavior.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install reddit-spy
- After installation, invoke the skill by name or use /reddit-spy
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of reddit-spy for stealth subreddit analysis:
- Enables browsing, reading, and analyzing any subreddit without getting blocked, using a multi-layer fallback system (OAuth API → Tor → Stealth HTTP → Browser Stealth → PullPush archive).
- Provides comprehensive commands including spy (full subreddit scan), deep-read (posts + comments), bulk-scan (multi-subreddit sweep), strategy extraction, keyword search, user-intel, and health-check.
- Designed for reliability and anti-blocking: auto-rotates IPs with Tor, caches layer health, and respects API/Reddit rate limits.
- Returns detailed analytics: content types, hook patterns, timing, post rankings, and actionable recommendations.
- Read-only operation with safety limits and optional OAuth/Proxy support for higher reliability.
Frequently Asked Questions
What is Reddit Spy?
Stealth Reddit intelligence -- browse, read, and analyze any subreddit without getting blocked. Multi-layer fallback (OAuth API -> Stealth HTTP -> Browser St... It is an AI Agent Skill for Claude Code / OpenClaw, with 605 downloads so far.
How do I install Reddit Spy?
Run "/install reddit-spy" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Reddit Spy free?
Yes, Reddit Spy is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Reddit Spy support?
Reddit Spy is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Reddit Spy?
It is built and maintained by oh-coder (@hioliver933); the current version is v1.0.0.