coderabbit-install-auth

The skill's footprint is coherent with its stated purpose: it installs a CodeRabbit SDK and configures API key-based authentication using standard, officially distributed packages. Data flows involve credential input, local storage via env/.env, and authenticated API calls to CodeRabbit services. While generally benign, there is a mild risk related to credential exposure via environment files or logs; recommend best practices (local secret management, gitignore, minimal key permissions, and rotating keys). No evident credential forwarding to third-party binaries or covert data exfiltration patterns were observed.