vercel-deploy
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The skill packages and transmits the contents of a local directory to a remote deployment endpoint (
https://claude-skills-deploy.vercel.com/api/deploy) via a POST request. This network operation is directed at a well-known service (Vercel) and is essential for the skill's stated hosting functionality. - [COMMAND_EXECUTION]: A bash script is utilized to manage the deployment workflow, executing standard system utilities such as
tarfor archive creation,curlfor network data transfer, andmvfor file organization. The script targets the project path specified by the user. - [DATA_EXFILTRATION]: The deployment script includes logic to exclude the
node_modulesand.gitdirectories from the upload package to reduce data transfer and avoid exposing version control history. However, it does not specifically exclude other potentially sensitive configuration files, such as.envfiles, which may be included in the upload if present in the target directory.
Audit Metadata