rp-reviewer

SUSPICIOUS: the skill's purpose is coherent, but it has two notable risks: fail-open auto-approval that can bypass review, and sending untrusted diffs to an external MCP reviewer whose CLI provenance is not clearly verifiable from the provided evidence. It does not show clear credential theft or overtly malicious behavior.