github-pr-reviewer
Warn
Audited by Socket on Jun 24, 2026
1 alert found:
Anomaly (LOW)
SKILL.md
SUSPICIOUS. The skill is largely coherent with its stated purpose and uses official GitHub endpoints, but it enables autonomous cron-driven GitHub commenting, forwards sensitive repo context into OpenHands conversations, and processes untrusted PR/discussion content. This looks more like a high-risk automation workflow than malware; main concerns are autonomy and data-handling scope, not deceptive installation or credential theft.
Confidence: 86%
Severity: 68%
Audit Metadata