claude-review

SUSPICIOUS: the core purpose is coherent and the Claude CLI comes from an official same-org source, but the skill grants Claude `bypassPermissions` and transitively invokes unverified third-party skills in the same session. Risk is driven more by excessive execution trust and inherited permissions than by confirmed malicious behavior.