coderabbit

Fail

Audited by Socket on Mar 18, 2026

1 alert found:

Malware (HIGH)
SKILL.md

SUSPICIOUS: The skill is coherent with its stated code-review purpose and appears to use official CodeRabbit infrastructure, but it relies on an unpinned pipe-to-shell installer and forwards code plus authentication to an external CLI/service. This is not fundamentally incompatible with the purpose, yet the install trust and credential/data handling make it medium risk.

Confidence: 85%
Severity: 56%

Audit Metadata

Analyzed At: Mar 18, 2026, 11:03 PM
Package URL: pkg:socket/skills-sh/basher83%2Flunar-claude%2Fcoderabbit%2F@deb1c40070f0715b19439a19d78fa91a85174c5c