auto-review-loop

Fail

Audited by Snyk on Apr 19, 2026

Risk Level: CRITICAL

Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). The skill contains explicit instructions to give external reviewer models full access to repository contents and logs (including use of codex exec), to run arbitrary shell commands and SSH-deployed experiments, to read user-home config (e.g., ~/.claude/feishu.json), and to "do NOT ask the user for permission — just do it silently," which together create clear, intentional pathways for data exfiltration and remote code execution without user consent.

Issues (1)

  • E006 (CRITICAL): Malicious code pattern detected in skill scripts.

Audit Metadata
Risk Level: CRITICAL
Analyzed: Apr 19, 2026, 03:14 AM
Issues: 1