vercel-cli-with-tokens
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFE
Full Analysis
- Credential Identification: The skill includes instructions to identify and export Vercel authentication tokens from the environment or local
.envfiles. This is a standard procedure for non-interactive CLI authentication and is performed locally to facilitate deployment tasks. - Security Best Practices: The instructions explicitly advise against passing sensitive tokens as command-line arguments to prevent them from being stored in shell history or process listings, which is a positive security consideration.
- Official Tooling: The skill utilizes the official Vercel CLI (
npm install -g vercel) to perform project management and deployments. Using official tools from established providers is a standard and expected practice for cloud service integration. - File System Interaction: The skill reads local project configuration files (like
.env,.vercel/project.json, and.vercel/repo.json) and interacts with Git repositories. these actions are necessary for the skill's primary purpose of project linking and deployment. - Environment Variable Management: The skill provides commands to add, list, and remove environment variables on the Vercel platform. These operations are conducted through the authenticated CLI to manage project configurations.
Audit Metadata