well they accessed the files. this is not immediately a red flag but if they have the code checked and then check ur db and know theres nothing bad in there its not trustworthy. its hard to get them to DELETE IT. if you see that. DO NOT TRUST. 
our program makes a test db
# main.py / main.js modified!
well they modified it, its not their program you cant rely on it anymore. compromised? we dont KNOW!
not trustworthy
# db read after main.py / main.js even tho you can see theres no execution
not trustworthy, they read the db it could have passwords
# THEY zip your FS and download it
if it has a db same thing as above
# they download your main script
put copyright or a license on it that u arent allowed to have it and then they violate the law?
# they run cmds on ur server
its ur program why would they need to do that?
# db accessed even tho they saw its not executing code
if it contains passwords which our test program WILL have. its data leaking and exfeltration which is illegal in the EU and other countrys / states
# well your server got suspended for no resason
this blocks the activity tab on ptero, could be a red flag. if they dont let u appeal or smth ur data def got stolen OR they dont want u to test their host for security