deploy-preview

[Skill Scanner] Download or install from free hosting/deployment platform detected Based on the provided skill metadata/instructions, the functionality, required credentials, and data flows are internally consistent with its stated purpose. The primary security concern is the legitimate need for a powerful VERCEL_TOKEN: if mishandled by the implementation (logging, sending to third-party domains, or insecure storage), it could lead to account compromise or unauthorized deployments. No explicit signs of obfuscation or malicious intent appear in this documentation. Recommend reviewing the actual scripts/implementation to ensure tokens are used only with official Vercel endpoints, not proxied, and that user inputs are sanitized to prevent command injection when invoking the CLI. LLM verification: Based on the SKILL.md content alone, the skill's requirements, data flows, and permissions are consistent with its stated purpose. The main legitimate risk is handling the high-value VERCEL_TOKEN: users must supply a token and the helper script will use it to interact with Vercel. No explicit malicious behavior, obfuscation, or third-party credential harvesting is visible in this document. However, the actual implementation (scripts/deploy-preview.sh and any helper code) was not provided — that