reddit-automation
Audited by Socket on Feb 27, 2026
1 alert found:
Obfuscated File
The document describes a legitimate-sounding Reddit automation skill, but its architecture delegates OAuth and all API traffic to a third-party MCP (https://rube.app/mcp). That credential-forwarding pattern and the lack of explicit disclosure about OAuth scopes, token storage/retention, and logging present a non-trivial supply-chain and privacy risk. I rate this as a moderate security concern: the functionality itself is benign, but the centralized trust model requires vetting the MCP operator, auditing requested scopes, and verifying token handling policies before use. Recommendation: do not configure or authorize this MCP unless you can validate operator trust, obtain explicit scope and token-handling disclosures, or prefer a direct OAuth integration with Reddit or an audited intermediary.