Anything on the public internet is some amount of risk.
It sounds reasonably configured, and for a single service that’s been fairly robust, the only thing you really should make sure you’re doing is updates - better if you configure automatic updates, so you don’t even have to think about it.
unattended-upgrades is what you’d want on a Debian-alike for updates, and Overseerr depends on how you installed it.
Keep in mind that you’re going to be retrieving and storing a huge amount of data running these scripts, and you should expect to need more than a $5 1gb of RAM vps to do it without it being a shitty broken experience for you.
We’re talking dozens of gigabytes of storage for the database, plus effectively a need for an infinite amount of storage for the image caching, plus enough RAM and CPU resources to effectively process the whole Threadiverse.