render-deploy

No signs of deliberate malicious behavior in the provided skill content. Capabilities and data flows are consistent with a deployment/helper skill for Render. The primary security concerns are operational: recommending execution of a remote install script (curl | sh) and advising users to place long-lived API keys into a local JSON file without explicit secure-handling guidance. These are security/usability risks but not evidence of malware or credential exfiltration to attacker-controlled domains. Recommend adding explicit guidance to review any remote install script before running it, ensure config files containing secrets have restrictive permissions and are excluded from version control, and warn users about the implications of granting escalated sandbox network permissions.