Pass
Audited by VirusTotal on May 13, 2026.
Findings (1)
The skill is classified as benign. It provides a Reddit CLI tool that uses standard OAuth 2.0 for authentication, storing tokens in `~/.reddit-token.json`. It reads `REDDIT_CLIENT_ID` and `REDDIT_CLIENT_SECRET` from environment variables. The `scripts/reddit.mjs` file uses `child_process.exec` to open a browser for the OAuth login flow, which is a controlled and legitimate use case for a CLI tool requiring browser interaction, not arbitrary command execution. All network requests are directed to official Reddit domains. There is no evidence of data exfiltration to unauthorized endpoints, malicious execution, persistence mechanisms beyond token storage, or prompt injection attempts in `SKILL.md` or `README.md`.
