vercel-deploy

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This script uploads the user's entire project tarball (excluding only node_modules and .git) to an external endpoint (https://claude-skills-deploy.vercel.com/api/deploy) without authentication or sanitization, which constitutes high-risk data exfiltration of potentially sensitive files (e.g., .env, credentials); there is no obfuscation or obvious backdoor/RCE code, but the unauthenticated upload to a third‑party service is a serious security concern.