Yes, it is!
Just fill in 5 fields and START! No need to trust anyone because you are not sending your private posting key to any website. Most (but not all) use Steem Connect, which is legit. But you never know if the person is saving your private key for their own use, as well as sending it along to Steem Connect, when you use some steemit related website. This bot is not on a website. It's not online anywhere! It's just a file on your computer that you run in a browser. The only time your key goes anywhere is as a parameter on a call to steem-js which is the officially approved way to interact with the steem blockchain, such as broadcasting a vote. The bot brings in the steem-js library with
<script src="https://cdn.steemjs.com/lib/latest/steem.min.js"></script>
then votes with
steem.broadcast.vote(wif, voter, author, permlink, weight, function (err, result) { }
Bottom line, no one has any chance of getting your private posting key unless they steal your computer while the bot is running! Of course, my bot could have code that sends your key to a server I own, but if anyone wants to use the bot, I'll send them the file and explain any line they may not understand. That's another reason I want to send this bot to just ONE person at a time. I don't want everyone getting it, and then have some joker add code to steal your key and run it saying its my bot when really its a modified evil cousin of my bot! :)
This is exactly how it should be!! You’re a genius! I’m glad someone has created this. I like the fact it’s only stored on the local machine. Transparency is key!