Social Reply Bot

Before installing, consider the following: - The package metadata omits ANTHROPIC_API_KEY but the code requires it — you will need to add an API key to .env. Treat that key as sensitive. - The installer suggests running curl | bash against raw.githubusercontent content. Don't run remote install scripts without reviewing them locally first. Instead: git clone the repo, inspect install.sh and plist, then run steps manually. - install.sh injects your ANTHROPIC_API_KEY into a LaunchAgent plist and loads it. That stores the key on disk in a scheduled job. Inspect the plist file before loading; avoid embedding secrets in LaunchAgents (use environment-only retrieval if possible). - The bot uses browser automation and requires you to be logged into Reddit/X in the controlled Chrome session; it will post as your account and can perform 'warmup' (karma farming) and automated replies — this may violate Reddit/X terms and risk account suspension. Consider using throwaway/test accounts or not enabling warmup behavior. - If you proceed: (1) clone the repo and audit files (especially install.sh and the plist template) locally; (2) do not run curl | bash; (3) avoid injecting real production credentials into the plist — keep them in a secure env file and consider restricting file permissions; (4) disable or review LaunchAgent scheduling if you don't want persistence; (5) run first in a sandbox/test account to confirm behavior. Given the metadata omissions, automatic persistence, and secret handling, I recommend caution — the code is coherent with its stated purpose but contains practices that can expose credentials and autonomously act on your real social accounts.