vercel-deploy-claimable

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill communicates with an external endpoint at https://claude-skills-deploy.vercel.com/api/deploy to perform the deployment. This is an official Vercel service designed for this specific purpose.
  • [COMMAND_EXECUTION]: The script uses standard system utilities such as tar, grep, find, and curl to package project files and interact with the deployment API. It includes basic input validation to ensure the provided path is a directory or archive.
  • [DATA_EXFILTRATION]: While the skill uploads local project files to Vercel, this is the intended and primary function of a deployment tool. The script explicitly excludes sensitive directories like .git and node_modules from the upload package. The endpoint used belongs to a well-known service (Vercel).
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 10:13 PM
Security Audit — agent-trust-hub — vercel-deploy-claimable