code-reviewer

SUSPICIOUS: the skill mostly looks like a broad code-review/documentation toolkit using standard package managers, but its actual scripts are missing, its scope extends into build/deploy tooling, and it processes untrusted code content with execution capability. No clear credential theft or malicious exfiltration is shown, so this is not confirmed malware, but the unverified script behavior and broad operational surface make it medium risk.