connect

SUSPICIOUS: the skill’s overall purpose is coherent for a deployment workflow, and exe.dev SSH usage appears consistent with official docs, but the footprint is still risky. It combines infrastructure access, npm-based local execution, remote repo deployment, and direct handling of a Clerk secret key passed via CLI. The main concern is disproportionate secret exposure and moderate supply-chain uncertainty from the unseen deploy script and remote branch clone, rather than clear malicious intent.