Missing User Warnings
Medium
- Confidence
- 94% confidence
- Finding
- The README instructs users to manually extract an authenticated Reddit browser cookie and persist it in shell startup files, effectively treating a session secret as a reusable API credential. That exposes users to account takeover risk if the cookie is mishandled, leaked via shell history, dotfiles, backups, logs, or local compromise, and the documentation does not clearly warn that this is highly sensitive authentication material.
