runpod

SUSPICIOUS. The core RunPod API usage is purpose-aligned and routes to official endpoints, but the trust model is weakened by personal-namespace GHCR images, mutable tags, and uploads through unspecified fallback services. This looks more like a legitimate but moderately risky third-party deployment skill than confirmed malware.