vercel-deploy
Audited by Socket on Feb 22, 2026
1 alert found:
Malware [Skill Scanner]: Instruction to copy/paste content into terminal detected

No code-level malware or obfuscated payloads detected. The skill's actions are coherent with its stated purpose, but it has a significant operational security risk: it instructs pushing all entries from .env.local into Vercel production variables without filtering, review, or safeguards, and it encourages overwriting existing production variables. That can lead to unintentional secret promotion, credential exposure, or misconfiguration in production. Use caution: review .env keys and values before adding to production, avoid pushing local-only secrets, and consider automated checks or an allowlist of variables for production.

LLM verification: This skill's actions are functionally consistent with its stated purpose (deploying to Vercel and updating Supabase). It does not contain code that automatically exfiltrates secrets or performs hidden network calls, but it explicitly instructs operators to transfer all keys from a local .env file into production via interactive paste — a high-risk operational pattern. That user-mediated secret transfer and the encouragement to confirm overwrites without careful review make the skill potentially