project-tooling

Warn

Audited by Socket on Mar 18, 2026

1 alert found:

Security: MEDIUM
SKILL.md

[Skill Scanner] Download or install from free hosting/deployment platform detected

All findings:
[HIGH] supply_chain: Download or install from free hosting/deployment platform detected (SC007) [AITech 9.1.4] (reported 4 times)

This is a benign project tooling/infrastructure instruction file. It contains no evidence of malware or obfuscated malicious code. The primary security issues are operational: the documentation includes patterns that can lead users to store secrets in plaintext (echoing API keys into .env, pulling envs locally) and uses third-party GitHub Actions which should be audited or pinned. There are no suspicious network intermediaries or credential-harvesting behaviors. Overall, safe to use if teams follow standard secret management hygiene.

LLM verification: No evidence of malicious code or credential-harvesting behavior was found in the provided SKILL.md and accompanying instruction snippets. The file contains standard, expected instructions for installing and using GitHub CLI, Vercel, Supabase, and Render tooling, and for wiring those tools into local scripts and GitHub Actions. The primary risks are operational: handling and storing deployment/database API keys and running destructive commands (e.g., supabase db reset) without safeguards. Recomme

Confidence: 85%
Severity: 75%
Audit Metadata
Analyzed At
Mar 18, 2026, 04:55 PM
Package URL
pkg:socket/skills-sh/alinaqi%2Fclaude-bootstrap%2Fproject-tooling%2F@c3a5e897992975b8db43c1bf81547329275c2f03