code-reviewer

Warn

Audited by Socket on Mar 18, 2026

1 alert found:

Anomaly (LOW)
SKILL.md

SUSPICIOUS: the stated purpose is coherent for a code review skill and there is no clear exfiltration or credential harvesting, but the actual executable component is an unprovided local script with unverifiable provenance and a nonstandard path convention. Risk is mainly from opaque local execution and PR-content handling, not from confirmed malicious behavior.

Confidence: 84%
Severity: 56%
Audit Metadata
Analyzed At: Mar 18, 2026, 11:22 PM
Package URL: pkg:socket/skills-sh/knowlet%2Fskills%2Fcode-reviewer%2F@aab8b63a82a831ebfc332cef3e9ddf4a135a395d