vercel-deploy-claimable
Warn
Audited by Socket on Jun 18, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
SUSPICIOUS. The stated purpose aligns with deployment and the referenced endpoints are official Vercel properties, but the skill’s critical behavior is hidden in an unprovided deploy.sh wrapper. Because that script uploads local project contents and its exact data flow cannot be verified, this is a medium-risk opaque deployment skill rather than clearly benign malware.
Confidence: 83%Severity: 56%
Audit Metadata