dokploy

SUSPICIOUS. Core Dokploy management behavior is aligned and the main CLI install path is official and proportionate, but the built-in update check introduces unrelated third-party trust: it silently fetches version info from a personal GitHub path and suggests installing/updating through a separate `skills` tool not documented by Dokploy. The skill also performs real infrastructure actions and handles secret env files, so overall risk is medium despite largely legitimate primary functionality.