pp-digitalocean

SUSPICIOUS: the skill’s capabilities largely match its stated DigitalOcean administration purpose, and the Go install path is at least source-verifiable. However, it requires trusting third-party publisher tooling with a cloud bearer token, enables destructive cloud actions, and supports arbitrary webhook delivery of outputs, making the overall footprint moderately risky even without clear evidence of malicious intent.