coolify-orchestrator

SUSPICIOUS. The skill’s capabilities mostly align with Coolify orchestration, but it enables high-impact infrastructure actions and forwards a sensitive API token to a user-specified base URL without host verification. No malware or deceptive exfiltration is evident, yet the combination of deploy/provision/restart automation plus SSH/docker exec makes it medium-risk and more than minimally scoped.