Skills
skills/vercel-labs/vercel-skills/vercel-deploy/Gen Agent Trust Hub

vercel-deploy

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • Command Execution: The skill utilizes a bash script to handle the deployment lifecycle. It uses standard system utilities to manage temporary directories, package files, and communicate with the deployment API.
  • Evidence:
  • Use of tar for creating project archives.
  • Use of curl to transmit data to the deployment endpoint.
  • Use of find and mv for project structure normalization.
  • Data Transfer for Deployment: To perform its function, the skill bundles the specified project directory and uploads it to a Vercel-owned deployment service. This is the intended behavior for an automated deployment tool.
  • Evidence:
  • DEPLOY_ENDPOINT="https://claude-skills-deploy.vercel.com/api/deploy" is used as the target for project uploads.
  • Sensitive Data Handling: The deployment script includes specific logic to exclude sensitive or bulky directories from being uploaded, which is a positive security practice.
  • Evidence:
  • The packaging command explicitly excludes node_modules and .git directories: tar -czf "$TARBALL" -C "$PROJECT_PATH" --exclude='node_modules' --exclude='.git' .
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 3, 2026, 08:26 AM