IceCube Reddit Scout
v1.0.0🧊 IceCube Reddit Scout — 免费 Reddit 关键词监控,集成到你的 AI agent。无需 SaaS 订阅,无需依赖云端。追踪提及、验证……
0· 54·0 当前·0 累计
by 下载技能包
License
MIT
安全扫描
OpenClaw
可疑
high confidenceThe skill's goal (Reddit keyword monitoring) is plausible, but the instructions, shipped scripts, and declared requirements contain multiple inconsistencies and missing secrets/config declarations that should be resolved before trusting it.
评估建议
This skill appears to be a plausible Reddit monitor but contains several inconsistencies you should resolve before installing or running it: 1) SKILL.md says anonymous API access is blocked and recommends OAuth, yet the included scripts still call Reddit anonymously — verify the runtime actually uses OAuth if Reddit requires it. 2) The skill references reading email alerts and sending Telegram messages but does not declare or describe how to provide email access or Telegram credentials; do not s...详细分析 ▾
⚠ 用途与能力
Name/description and included scripts align with Reddit monitoring and only require curl, which is reasonable. However the SKILL.md repeatedly states 'No rate limits' / 'No cloud dependency' while also saying anonymous API access is blocked and recommending OAuth; the provided scripts still call the anonymous reddit.com search endpoints. The skill also references Telegram alerts, email parsing, and integrations with other IceCube skills but does not declare any environment variables or credentials for those services. These mismatches suggest design sloppiness or incomplete configuration.
⚠ 指令范围
SKILL.md instructs the agent to 'read these emails and extract context' and to send Telegram notifications, but gives no mechanism or declared env vars for accessing email or Telegram. It tells the agent to store OAuth client_id/client_secret in a config YAML (which is a secret) but does not mention secure storage. The scripts write logs to $HOME/.openclaw/workspace which is reasonable, but the runtime instructions and code diverge (doc says OAuth required, scripts use anonymous endpoints), creating scope and operational ambiguity.
ℹ 安装机制
No install spec (instruction-only) — low install risk. Two bash scripts are included (monitor.sh and scripts/monitor.sh) that will be executed by the agent or by the user; they only call curl and optionally jq. The skill does not declare jq as a required binary even though the scripts use jq when available (they degrade gracefully if missing). No external downloads or obscure URLs are involved.
⚠ 凭证需求
Registry metadata lists no required env vars, but SKILL.md instructs storing Reddit OAuth client_id and client_secret in config/reddit-scout.yaml and mentions Telegram notifications (which would normally require a TELEGRAM_TOKEN). Secrets required by operation are not declared in requires.env or primaryEnv. The guidance to store client_secret in plain YAML without recommending secret-store usage is a risk/oversight.
✓ 持久化与权限
always:false (default) and agent-invocable:true — appropriate for this kind of skill. The scripts only create and write files under $HOME/.openclaw/workspace, not system-wide config, and do not modify other skills' configs. No elevated persistence or system privileges are requested.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
安装命令
点击复制官方npx clawhub@latest install icecube-reddit-scout
镜像加速npx clawhub@latest install icecube-reddit-scout --registry https://cn.longxiaskill.com 镜像可用