appdeploy

SUSPICIOUS: overall purpose and capabilities mostly align for a deployment skill, and data flows go to the claimed vendor domain rather than an obvious third-party interceptor. The main concerns are the uncorroborated manual API-key bootstrap, local storage of a long-lived credential, and consequential remote actions that publish code and can delete apps. This looks more like a legitimate but medium-risk deployment integration than malware.