vercel-deploy-claimable

Warn

Audited by Socket on Jun 18, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS. The stated purpose aligns with deployment and the referenced endpoints are official Vercel properties, but the skill’s critical behavior is hidden in an unprovided deploy.sh wrapper. Because that script uploads local project contents and its exact data flow cannot be verified, this is a medium-risk opaque deployment skill rather than clearly benign malware.

Confidence: 83%Severity: 56%
Audit Metadata
Analyzed At
Jun 18, 2026, 10:14 PM
Package URL
pkg:socket/skills-sh/Microck%2Fopendots-microck%2Fvercel-deploy-claimable%2F@73cc9836296f38b69b3dfa4b612a2b1d75a70458bad7347736e5b333d9f9f9b6
Security Audit — socket — vercel-deploy-claimable