vibers-code-review

SUSPICIOUS. The skill's purpose and capabilities mostly align, but it requires broad collaborator access to a personal GitHub account and sends repository review data to an external non-GitHub service. The third-party action is same-publisher and not an unverifiable binary, so this is not confirmed malware, but the access scope and off-platform data flow make it high security risk.