This Bluesky automation skill is not proven malicious, but it can store login sessions and perform bulk/public account actions with weak safeguards.
Review this carefully before installing. Use only a dedicated Bluesky app password and preferably a test account first. Avoid running the standalone follow-growth or discover-repost scripts unless you have inspected and edited their hardcoded account/path settings. Treat cleanup, unfollow, block, mute, scheduler, RSS, and AI-posting features as account-changing actions; run dry-run modes where available and clear saved sessions when finished.