reddit-automation
Audited by Socket on Feb 20, 2026
1 alert found:
Malware [Skill Scanner] Natural language instruction to download and install from URL detected

This is a legitimate-looking skill manifest for automating Reddit via a managed MCP/toolkit (Composio). Capabilities align with the stated purpose, and required permissions (OAuth via RUBE_MANAGE_CONNECTIONS) are proportionate. The primary security consideration is that all API calls and OAuth tokens are routed through the Rube MCP (https://rube.app/mcp), so the MCP operator must be trusted — otherwise tokens and user content could be observed or intercepted. No hardcoded secrets, obfuscation, or explicit malicious code detected in this manifest.

LLM verification: No direct malicious code is present in the provided skill document. However, the skill's design requires routing Reddit OAuth and all toolkit calls through a third-party MCP (https://rube.app/mcp) which gains access to user tokens and proxied requests. Because the documentation does not describe token handling, scopes, or data retention, this is a supply-chain risk: an attacker controlling or compromising the MCP could harvest credentials, intercept or modify requests, or exfiltrate data. Recomm