review-fix-all

SUSPICIOUS: the skill’s review purpose is plausible, but it combines unpinned third-party package execution with autonomous repository actions (edit, issue creation, commit, push) and a recursive loop. This is more a high-impact automation workflow than a narrow review helper, so the overall security risk is high even without clear evidence of malware.