Browse, search, post, and moderate Reddit. Read-only works without auth; posting/moderation requires OAuth setup.
MIT-0
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
Name/description (browse, post, moderate Reddit) aligns with the included script which calls Reddit's public JSON API and OAuth endpoints. However registry metadata claims no required env vars while both SKILL.md/README instruct the user to export REDDIT_CLIENT_ID, REDDIT_CLIENT_SECRET, REDDIT_USERNAME, and REDDIT_PASSWORD — an inconsistency. The code actually requires client ID/secret for OAuth but does not appear to use REDDIT_USERNAME/REDDIT_PASSWORD in the shown login flow, so asking for the account password appears unnecessary for the implemented authorization-code flow.
Instruction Scope
SKILL.md instructs running the included node script and saving a token to ~/.reddit-token.json (which the code does). But there are mismatches in the instructions: SKILL.md tells you to use redirect URI http://localhost:8080 while README and the code use /callback (http://localhost:8080/callback). SKILL.md/README also tell you to export REDDIT_USERNAME and REDDIT_PASSWORD even though the implemented login function uses a browser-based OAuth authorization code flow and the code does not use the password. These discrepancies could lead users to expose their Reddit password unnecessarily.
Install Mechanism
No install spec; this is instruction-only with a bundled script file. Nothing is downloaded or extracted from arbitrary URLs as part of installation.
Credentials
The skill requests sensitive credentials in documentation (client id/secret and also username/password). The code legitimately needs client id/secret for OAuth and stores tokens at ~/.reddit-token.json (expected). Requesting the Reddit account password (REDDIT_PASSWORD) appears unnecessary for the shown flow and is disproportionate; registry metadata also failed to declare the env vars, so the declared requirements do not match what the skill asks you to provide.
Persistence & Privilege
The skill stores an OAuth token in ~/.reddit-token.json and runs a short-lived local HTTP server to complete OAuth; this is reasonable for an OAuth CLI. always:false and no elevated system changes are requested.
What to consider before installing
This skill largely does what it says (read/post/moderate Reddit), but there are mismatches you should address before installing or exporting secrets: (1) The registry metadata declares no required environment variables, yet the docs tell you to export REDDIT_CLIENT_ID and REDDIT_CLIENT_SECRET — those are legitimately needed for OAuth; only set those if you trust the skill. (2) The docs also ask you to export REDDIT_USERNAME and REDDIT_PASSWORD, but the included code uses a browser-based OAuth authorization code flow and does not appear to require your password — do NOT export your Reddit password unless the code explicitly needs and justifies it. (3) The redirect URI differs between SKILL.md and README (one lacks the trailing /callback while the code uses /callback) — that will break login unless fixed. (4) The script saves tokens to ~/.reddit-token.json; be aware a token with moderator scopes grants real moderation power if the app is authorized.
Recommended steps: review the script yourself (or ask the author) to confirm which env vars it actually reads, remove any guidance that asks for your Reddit password if not needed, only provide the client ID/secret to an app you trust, and consider creating a dedicated Reddit app with limited scopes for this skill rather than using your main account's credentials.
Like a lobster shell, security has layers — review code before you run it.
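One way to do the "confirm which env vars it actually reads" check from the scan, as an added example that is not part of the skill or of the scan output. The documentation sample copies the export lines from SKILL.md; the source sample is a constructed stand-in for scripts/reddit.mjs (its real contents are not shown on this page), and all function names are hypothetical.

```javascript
// Added example: compare env vars a skill's docs ask for with those its code reads.
// SAMPLE_DOCS mirrors the export lines in SKILL.md; SAMPLE_SOURCE is a constructed
// stand-in for scripts/reddit.mjs, whose real contents are not shown on this page.
const SAMPLE_DOCS = `
export REDDIT_CLIENT_ID="your_client_id"
export REDDIT_CLIENT_SECRET="your_client_secret"
export REDDIT_USERNAME="your_username"
export REDDIT_PASSWORD="your_password"
`;
const SAMPLE_SOURCE = `
const clientId = process.env.REDDIT_CLIENT_ID;
const { REDDIT_CLIENT_SECRET: secret } = process.env;
const tokenPath = process.env["HOME"] + "/.reddit-token.json";
`;

// Names the documentation tells the user to export.
function documentedEnvVars(docText) {
  return [...docText.matchAll(/\bexport\s+([A-Z_][A-Z0-9_]*)=/g)].map((m) => m[1]);
}

// Names the code reads: process.env.X, process.env["X"], and { X } = process.env.
function referencedEnvVars(source) {
  const found = new Set();
  for (const m of source.matchAll(/process\.env\.([A-Za-z_]\w*)/g)) found.add(m[1]);
  for (const m of source.matchAll(/process\.env\[\s*["']([^"']+)["']\s*\]/g)) found.add(m[1]);
  for (const m of source.matchAll(/\{([^}]*)\}\s*=\s*process\.env\b/g)) {
    for (const part of m[1].split(",")) {
      const name = part.split(/[:=]/)[0].trim();
      if (name) found.add(name);
    }
  }
  return [...found].sort();
}

// declared = env vars listed in the registry metadata (empty for this skill per the scan).
function auditEnvVars(docText, source, declared = []) {
  const documented = documentedEnvVars(docText);
  const used = referencedEnvVars(source);
  const secretLike = /PASSWORD|SECRET|TOKEN|KEY/;
  return {
    undeclared: documented.filter((n) => !declared.includes(n)),
    documentedButUnused: documented.filter((n) => !used.includes(n)),
    secretsRequestedButUnused: documented.filter((n) => secretLike.test(n) && !used.includes(n)),
    usedButUndocumented: used.filter((n) => !documented.includes(n)),
  };
}

console.log(auditEnvVars(SAMPLE_DOCS, SAMPLE_SOURCE, []));
```

A regex pass like this misses dynamic lookups such as process.env[name], so an empty secretsRequestedButUnused list is a prompt to read the code, not proof that a secret is needed.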
latest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
📣 Clawdis
Bins: node
SKILL.md
Browse, search, post to, and moderate subreddits. Read-only actions work without auth; posting/moderation requires OAuth setup.
Setup (for posting/moderation)
- Go to https://www.reddit.com/prefs/apps
- Click "create another app..."
- Select "script" type
- Set redirect URI to http://localhost:8080
- Note your client ID (under app name) and client secret
- Set environment variables:
export REDDIT_CLIENT_ID="your_client_id"
export REDDIT_CLIENT_SECRET="your_client_secret"
export REDDIT_USERNAME="your_username"
export REDDIT_PASSWORD="your_password"
Read Posts (no auth required)
# Hot posts from a subreddit
node {baseDir}/scripts/reddit.mjs posts wallstreetbets
# New posts
node {baseDir}/scripts/reddit.mjs posts wallstreetbets --sort new
# Top posts (day/week/month/year/all)
node {baseDir}/scripts/reddit.mjs posts wallstreetbets --sort top --time week
# Limit results
node {baseDir}/scripts/reddit.mjs posts wallstreetbets --limit 5
Search Posts
# Search within a subreddit
node {baseDir}/scripts/reddit.mjs search wallstreetbets "YOLO"
# Search all of Reddit
node {baseDir}/scripts/reddit.mjs search all "stock picks"
Get Comments on a Post
# By post ID or full URL
node {baseDir}/scripts/reddit.mjs comments POST_ID
node {baseDir}/scripts/reddit.mjs comments "https://reddit.com/r/subreddit/comments/abc123/..."
Submit a Post (requires auth)
# Text post
node {baseDir}/scripts/reddit.mjs submit yoursubreddit --title "Weekly Discussion" --text "What's on your mind?"
# Link post
node {baseDir}/scripts/reddit.mjs submit yoursubreddit --title "Great article" --url "https://example.com/article"
Reply to a Post/Comment (requires auth)
node {baseDir}/scripts/reddit.mjs reply THING_ID "Your reply text here"
Moderation (requires auth + mod permissions)
# Remove a post/comment
node {baseDir}/scripts/reddit.mjs mod remove THING_ID
# Approve a post/comment
node {baseDir}/scripts/reddit.mjs mod approve THING_ID
# Sticky a post
node {baseDir}/scripts/reddit.mjs mod sticky POST_ID
# Unsticky
node {baseDir}/scripts/reddit.mjs mod unsticky POST_ID
# Lock comments
node {baseDir}/scripts/reddit.mjs mod lock POST_ID
# View modqueue
node {baseDir}/scripts/reddit.mjs mod queue yoursubreddit
Notes
- Read actions use Reddit's public JSON API (no auth needed)
- Post/mod actions require OAuth - run login command once to authorize
- Token stored at ~/.reddit-token.json (auto-refreshes)
- Rate limits: ~60 requests/minute for OAuth, ~10/minute for unauthenticated
Files
3 total
