Reddit Karma Scanner

The skill's purpose (find and post Reddit comments) matches the credentials it asks for, but the package is inconsistent and incomplete: the registry metadata does not declare the sensitive environment variables the SKILL.md requires, and the instructions reference Node scripts that are not included — this could lead you to run or fetch unknown code using your Reddit/OpenAI credentials.

Do not export or paste your Reddit or OpenAI credentials into your environment just because this SKILL.md says so. The skill's instructions reference Node scripts (reddit-scanner.mjs, reddit.mjs, generate-reddit-comments.mjs) that are not included in the package and the registry metadata does not list the sensitive env vars the runtime requires — this inconsistency is a red flag. Before using: (1) ask the publisher for the actual source code or a trusted install URL; (2) review the code to confirm exactly what network calls and data are sent to OpenAI/Reddit; (3) prefer using minimal OAuth tokens rather than your raw password where possible; (4) avoid scheduling automated posting until you've audited the scripts and checked subreddit rules and ethical implications; (5) if you cannot verify the code/source, do not provide credentials or run fetched scripts.