← 返回 Skills 市场
hioliver933

Reddit Spy

作者 oh-coder · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
605
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install reddit-spy
功能描述
Stealth Reddit intelligence -- browse, read, and analyze any subreddit without getting blocked. Multi-layer fallback (OAuth API -> Stealth HTTP -> Browser St...
安全使用建议
Things to consider before installing or running this skill: - It is designed to evade Reddit rate limits and blocks (Tor circuit rotation, UA rotation, Playwright stealth). That behavior can be used legitimately for research but can also violate Reddit's terms of service—review legal/terms implications. - The SKILL.md tells you to check and start a systemd Tor service (systemctl). Starting/stopping system services requires elevated privileges and affects the host; only run if you control the machine and understand the changes. - The code reads TOR_CONTROL_PASS from the environment but that variable is not declared in the registry meta; its default is the hard-coded weak string 'openclaw_tor'. If you run this, set TOR_CONTROL_PASS to a unique secret or disable circuit rotation. Leaving defaults may allow unwanted external control of your Tor instance. - The tool optionally asks for REDDIT_CLIENT_ID/SECRET/USERNAME/PASSWORD for OAuth. Only provide those credentials if you trust the skill author and are prepared to store them in your environment; the code will store cookies and tokens in ~/.openclaw/.reddit-spy-cache. - Playwright and related packages are heavy (download browsers). Consider running the skill in a sandboxed environment or VM to limit impact and to prevent accidental host-level changes. - If you intend to use proxies, be careful: REDDIT_PROXY_URL can include credentials (http://user:pass@proxy:port) — those will be read from your environment. - Recommendations: inspect/run code in a contained environment (VM/container), do not supply Reddit credentials unless necessary, set a strong TOR_CONTROL_PASS if you run Tor locally, and consider whether stealth scraping is acceptable for your use case and policy/legal constraints.
功能分析
Type: OpenClaw Skill Name: reddit-spy Version: 1.0.0 The skill is designed for 'Stealth Reddit intelligence' and uses various legitimate, albeit privacy-sensitive, techniques like Tor, Reddit OAuth, and browser automation (Playwright) to achieve its goal. It accesses environment variables for credentials and saves cookies for session persistence, which aligns with its stated purpose. However, the `browser_stealth.py` module uses Playwright with `--no-sandbox` and `--disable-setuid-sandbox` flags. While often used for headless browsers in containerized environments, these flags disable critical security isolation features, creating a vulnerability that could be exploited if the browser process itself is compromised. This constitutes a risky capability without clear malicious intent, classifying the skill as suspicious.
能力评估
Purpose & Capability
Name/description (stealth Reddit scraping) align with the code: OAuth, HTTP, Tor, Playwright and an archive service (PullPush) are all implemented and expected for the stated goal. Minor mismatch: _meta.json lists only Reddit env vars and proxy, but the code also reads TOR_CONTROL_PASS (not declared) and assumes a local Tor service—so not everything the code uses is declared in the manifest or SKILL meta.
Instruction Scope
SKILL.md explicitly instructs verifying/starting a systemd Tor service (systemctl start/ status) and setting environment variables containing credentials and proxy URLs. Those instructions affect host services and may require root/privileged access; SKILL.md also suggests installing heavy dependencies (playwright). The runtime code persists cookies and browser storage to ~/.openclaw/.reddit-spy-cache. These actions extend scope beyond simple read-only API calls and should be explicit to users and admins.
Install Mechanism
This is instruction-only (no install spec in registry) but includes requirements.txt that pulls playwright/playwright-stealth and curl_cffi — heavy, legitimate dependencies for browser automation and stealth. No downloads from untrusted URLs; install risk is moderate because Playwright installation can install browsers and requires extra steps (playwright install chromium).
Credentials
Declared optional envs (REDDIT_CLIENT_ID/SECRET/USERNAME/PASSWORD and REDDIT_PROXY_URL) match OAuth/proxy functionality. However, code reads TOR_CONTROL_PASS from environment (defaulting to a weak literal 'openclaw_tor') and the manifest does not declare this variable. Asking users to provide Reddit credentials and proxy URLs is reasonable but sensitive — the skill will persist cookies and potentially store OAuth tokens in process memory. The default TOR control password and undisclosed control variable are concerning.
Persistence & Privilege
always is false and the skill does not request autonomous platform-wide privileges. The skill writes cache/cookies to the user's home (~/.openclaw/.reddit-spy-cache) and may control a local Tor instance (circuit rotation) via Tor control port if password available. It also suggests starting a systemd service (affects host). Those persistences are limited to user filesystem and a local Tor service, but they are materially capable of changing host network behavior.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install reddit-spy
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /reddit-spy 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of reddit-spy for stealth subreddit analysis: - Enables browsing, reading, and analyzing any subreddit without getting blocked, using a multi-layer fallback system (OAuth API → Tor → Stealth HTTP → Browser Stealth → PullPush archive). - Provides comprehensive commands including spy (full subreddit scan), deep-read (posts + comments), bulk-scan (multi-subreddit sweep), strategy extraction, keyword search, user-intel, and health-check. - Designed for reliability and anti-blocking: auto-rotates IPs with Tor, caches layer health, and respects API/Reddit rate limits. - Returns detailed analytics: content types, hook patterns, timing, post rankings, and actionable recommendations. - Read-only operation with safety limits and optional OAuth/Proxy support for higher reliability.
元数据
Slug reddit-spy
版本 1.0.0
许可证
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Reddit Spy 是什么?

Stealth Reddit intelligence -- browse, read, and analyze any subreddit without getting blocked. Multi-layer fallback (OAuth API -> Stealth HTTP -> Browser St... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 605 次。

如何安装 Reddit Spy?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install reddit-spy」即可一键安装,无需额外配置。

Reddit Spy 是免费的吗?

是的,Reddit Spy 完全免费(开源免费),可自由下载、安装和使用。

Reddit Spy 支持哪些平台?

Reddit Spy 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Reddit Spy?

由 oh-coder(@hioliver933)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论