coderabbit-review
Warn
Audited by Socket on Mar 16, 2026
1 alert found:
Security (MEDIUM): SKILL.md
SUSPICIOUS: The skill’s purpose broadly matches its behavior, but install/execution trust is weakened by inconsistent installer guidance. The external CLI provenance is only partially verified, and the documented `pip install coderabbit-cli` fallback does not align with official CodeRabbit docs. Autonomous fix iterations add moderate operational risk, but there is no strong evidence of credential harvesting or clearly malicious data exfiltration beyond expected code review traffic.
Confidence: 84%
Severity: 72%
Audit Metadata