code-review

SUSPICIOUS: The skill is broadly aligned with its stated purpose and uses CodeRabbit’s official domains, so it does not look malicious. However, it relies on a raw `curl|sh` installer, forwards code and auth through an external CLI/service, and encourages autonomous code-changing review loops, which makes it a moderate security risk rather than benign.