codexloop

SUSPICIOUS: the skill’s capabilities broadly match its stated purpose, but it grants a durable autonomous execution harness with shell-capable verification and mutable local installation paths that are not fully provenance-documented in the skill. No clear malicious exfiltration or deceptive routing is shown, yet the combination of autonomous repo modification, doctor.sh execution, and weak install-source clarity makes it medium risk rather than benign.