vercel-deploy-claimable
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill communicates with an external endpoint at
https://claude-skills-deploy.vercel.com/api/deployto perform the deployment. This is an official Vercel service designed for this specific purpose. - [COMMAND_EXECUTION]: The script uses standard system utilities such as
tar,grep,find, andcurlto package project files and interact with the deployment API. It includes basic input validation to ensure the provided path is a directory or archive. - [DATA_EXFILTRATION]: While the skill uploads local project files to Vercel, this is the intended and primary function of a deployment tool. The script explicitly excludes sensitive directories like
.gitandnode_modulesfrom the upload package. The endpoint used belongs to a well-known service (Vercel).
Audit Metadata