overvy

SUSPICIOUS: the core Overvy board operations are coherent with the stated purpose and use direct API calls, but the skill also authorizes high-impact autonomous development actions (git push and PR creation) and allows bearer-token redirection through an overridable API URL. This is not confirmed malware, but it is a medium/high-risk skill because its action scope exceeds simple board management and can publish changes externally.