desloppify

SUSPICIOUS. The core scanning/refactoring behavior fits the stated code-health purpose, and the main package source is verifiable and same-publisher. However, the skill grants broad autonomous code-editing and external git/PR actions, includes an unpinned GitHub `uvx` execution path, and can expand scope to modifying the upstream tool repo; these make it medium risk despite no strong evidence of credential theft or malware.