patent-review

SUSPICIOUS: the skill’s core behavior matches its stated purpose, and the Codex MCP dependency appears official, but it grants unnecessarily broad Bash(*) access and routes sensitive patent/IP content to an external model provider. This is not malware, but it carries medium security risk due to overbroad permissions and external disclosure of confidential materials.