Skills
skills/vercel-labs/agent-skills/vercel-deploy/Gen Agent Trust Hub

vercel-deploy

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION] (LOW): The script uploads the contents of the target project directory to https://claude-skills-deploy.vercel.com/api/deploy. While this domain is not on the default whitelist for data exfiltration analysis, the operation is downgraded to LOW/INFO because the author (Vercel) is a trusted organization and the network activity is required for the skill's primary purpose. However, users should be aware that any secrets (e.g., .env files) in the directory will be included in the upload, as the script only excludes node_modules and .git.
  • [COMMAND_EXECUTION] (SAFE): The script uses standard shell commands including tar, curl, find, and grep. These are used for their intended purposes (packaging files, making API requests, and detecting frameworks) without malicious intent or obfuscation.
  • [DATA_EXPOSURE] (LOW): The script reads the contents of package.json to identify the project framework. This is a standard operation for deployment tools and does not target protected system files or user credentials.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 04:39 PM