dokploy-api-mcp
Audited by Socket on Mar 8, 2026
1 alert found:
Anomaly: The Dokploy API MCP skill demonstrates coherent purpose-to-capability alignment: it enables automated deployment management on a self-hosted Dokploy instance via MCP, API calls, and CLI. The data flow uses standard authenticated API interactions and local configuration, which is appropriate for legitimate deployment workflows. Some low-to-moderate risk signals exist around local token storage, encoding inputs in shell commands, and reliance on an external MCP tool via npx; these do not constitute clear malicious behavior but warrant caution and secure handling (e.g., minimizing logs of tokens, validating inputs, vetting MCP package). Overall, the footprint is suspiciously moderate but not obviously malicious; the security risk is not negligible and should be treated as MEDIUM.