Skills
skills/zhanlincui/agent-skills-hunter/vercel-deploy/Gen Agent Trust Hub

vercel-deploy

Warn

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION]: The deployment script packages and uploads the contents of the target directory to an external service (https://claude-skills-deploy.vercel.com/api/deploy). The script lacks logic to exclude sensitive environment variables or credential files (e.g., .env files), which may lead to accidental data exposure during the transmission of project files to the remote server.
  • [COMMAND_EXECUTION]: The skill executes local shell commands including tar for file packaging and curl for performing network requests to the deployment endpoint.
  • [DATA_EXFILTRATION]: The skill's metadata incorrectly identifies the author as 'vercel' when the actual author is 'ZhanlinCui', which is a deceptive practice that may mislead users regarding the skill's origin and the trustworthiness of the deployment destination.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 12, 2026, 02:59 AM