autodev-loop

SUSPICIOUS. The skill’s capabilities broadly match its autonomous-dev purpose, but its security footprint is high: persistent cron-driven autonomy, code/write/exec/git-push authority, and extensive reliance on an unresolved `npx lev` CLI with unverified provenance. No clear credential theft or covert exfiltration is shown, so this is not confirmed malware, but it is a high-risk workflow skill.