← 返回 Skills 市场
1171
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install reddit-explore
功能描述
This skill should be used when the user asks to "search Reddit", "explore Reddit posts", "find Reddit discussions about", "summarize Reddit opinions on", "what does Reddit think about", or wants to gather and summarize community opinions from Reddit on a specific topic.
安全使用建议
This skill appears to do what it says: it runs a small Python script that uses your Apify API token to call the trudax/reddit-scraper-lite actor and returns Reddit posts for summarization. Before installing: 1) Verify provenance — the package has no homepage and an unknown source; if you don't trust the publisher, inspect the included files (scripts/reddit_search.py and references) yourself. 2) Understand the credential you provide: APIFY_TOKEN grants access to your Apify account and may incur costs; use a token with limited permissions if possible and monitor billing. 3) Confirm you are comfortable installing the apify-client Python package via pip. 4) Be aware scraped Reddit content is public but may contain personal data — consider privacy needs before aggregating or sharing results. 5) Because disable-model-invocation is true, the model won't call this skill autonomously; if you later enable autonomous use, reassess permissions and provenance. If you want higher assurance, request the publisher's homepage or a signed/reviewed release, or review the apify actor (trudax/reddit-scraper-lite) on Apify to confirm expected behavior.
功能分析
Type: OpenClaw Skill
Name: reddit-explore
Version: 0.0.3
The skill is classified as suspicious due to a critical shell injection vulnerability identified in `SKILL.md`. The instruction `python3 ~/.agents/skills/reddit-explore/scripts/reddit_search.py --query "$ARGUMENTS" --max-items 30` directly embeds the `$ARGUMENTS` variable into a shell command without proper sanitization or quoting. This allows an attacker to inject arbitrary shell commands by crafting a malicious input for `$ARGUMENTS`, potentially leading to remote code execution on the agent's host system. The Python script `scripts/reddit_search.py` itself appears benign and performs its stated function of searching Reddit via Apify.
能力评估
Purpose & Capability
The skill claims to search Reddit and summarizes results. The included script calls Apify via apify-client and uses APIFY_TOKEN — exactly what you'd expect for an Apify-based Reddit scraper. Required binary (python3) and primaryEnv (APIFY_TOKEN) align with the stated functionality.
Instruction Scope
SKILL.md limits actions to running the included reddit_search.py script, reading its JSON output, and summarizing posts. It does not instruct the agent to read unrelated files, access other environment variables, or transmit data to unknown endpoints. Error handling and setup guidance are narrow and relevant.
Install Mechanism
This is instruction-only with an included small Python script; there is no install spec that downloads or executes arbitrary remote archives. The only runtime dependency is the apify-client Python package, which the SKILL.md instructs the user to install via pip if missing.
Credentials
Only APIFY_TOKEN is required and is justified because the script uses Apify's API. No unrelated secrets or multiple credentials are requested. The SKILL.md and script both reference APIFY_TOKEN and no additional environment variables are accessed.
Persistence & Privilege
The skill is not set to always:true and registry metadata shows disable-model-invocation:true, limiting autonomous invocation — this reduces risk. The skill does not request writing to other skills' config or system-wide settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install reddit-explore - 安装完成后,直接呼叫该 Skill 的名称或使用
/reddit-explore触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.0.3
v0.0.3: Adopt OpenClaw metadata format — declare APIFY_TOKEN via metadata.openclaw.requires.env and primaryEnv (matching registry-recognized schema). Use disable-model-invocation (hyphenated) top-level key. Add requires.bins for python3. Fixes registry metadata inconsistency flagged by OpenClaw security scan.
v0.0.2
v0.0.2: Declare APIFY_TOKEN as required credential in manifest (env.APIFY_TOKEN.required: true). Set disableModelInvocation: true to prevent autonomous invocation without explicit user consent. Fixes security scan warnings about undeclared credentials and uncontrolled model invocation.
v0.0.1
- Initial release of reddit-explore: search Reddit for posts on any topic and generate structured summaries of community sentiment.
- Uses Apify `trudax/reddit-scraper-lite` actor to gather posts.
- Provides detailed summaries, including overall tone, key themes, notable posts, and subreddit activity.
- Includes troubleshooting steps for missing prerequisites (apify-client, APIFY_TOKEN).
- Supports up to 30 posts per search with results deduplicated by URL.
- Guides users on refining searches and handling errors.
元数据
常见问题
Reddit Explore 是什么?
This skill should be used when the user asks to "search Reddit", "explore Reddit posts", "find Reddit discussions about", "summarize Reddit opinions on", "what does Reddit think about", or wants to gather and summarize community opinions from Reddit on a specific topic. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1171 次。
如何安装 Reddit Explore?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install reddit-explore」即可一键安装,无需额外配置。
Reddit Explore 是免费的吗?
是的,Reddit Explore 完全免费(开源免费),可自由下载、安装和使用。
Reddit Explore 支持哪些平台?
Reddit Explore 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Reddit Explore?
由 netmsglog(@netmsglog)开发并维护,当前版本 v0.0.3。
推荐 Skills