render-monitor

[Skill Scanner] Download or install from free hosting/deployment platform detected All findings: [HIGH] supply_chain: Download or install from free hosting/deployment platform detected (SC007) [AITech 9.1.4] [HIGH] supply_chain: Download or install from free hosting/deployment platform detected (SC007) [AITech 9.1.4] [HIGH] supply_chain: Download or install from free hosting/deployment platform detected (SC007) [AITech 9.1.4] [HIGH] supply_chain: Download or install from free hosting/deployment platform detected (SC007) [AITech 9.1.4] [HIGH] supply_chain: Download or install from free hosting/deployment platform detected (SC007) [AITech 9.1.4] [HIGH] supply_chain: Download or install from free hosting/deployment platform detected (SC007) [AITech 9.1.4] This skill is consistent with a legitimate Render monitoring utility: capabilities, instructions, and endpoints align with its stated purpose and use official Render domains and CLIs. There is moderate risk due to the sensitive nature of operations it enables (placing API keys in local config, executing arbitrary SQL via query_render_postgres, and suggesting SSH/psql usage). These are appropriate for monitoring and debugging but require careful handling by a trusted operator and secure environment. No direct evidence of malicious intent, obfuscation, or third-party credential harvesting is present. LLM verification: This skill is coherent and consistent with its stated purpose: it instructs how to configure Render MCP or the Render CLI and how to call monitoring APIs to read service health, metrics, logs, and database queries. There are no signs of obfuscated or malicious code, and the network endpoints referenced are legitimate Render domains. The primary risk is operational: the Render API key grants access to potentially sensitive data (logs, DB queries) and must be protected. Recommend treating the API