nightshift

SUSPICIOUS. The skill's capabilities mostly match its stated purpose, but its unattended AFK design, autonomous commits, and ability to read broad project/issue content while executing commands and modifying code create substantial security risk. There is no clear evidence of credential theft or exfiltration, so this looks high-risk automation rather than malware.