deploy-to-vercel
Safety Score
Detected Capabilities
Sensitive Files
- Clean filesystem scan
Deep Audit Findings
This skill facilitates Vercel deployments via the CLI or fallback scripts. The CLI method is standard, but the 'No-Auth Fallback' scripts (deploy.sh and deploy-codex.sh) work by packaging the entire project and uploading it to external proxy endpoints (claude-skills-deploy.vercel.com and codex-deploy-skills.vercel.sh). This transmits the user's source code to a third-party service to generate 'Claim URLs'. Although the scripts attempt to exclude .env files, other sensitive files or hardcoded secrets are still at risk of exfiltration to these intermediate endpoints.
Code Exfiltration to Proxy Endpoints
The fallback mechanism uploads the user's entire project directory as a tarball to unauthenticated endpoints. If these endpoints are compromised or malicious, the user's proprietary source code is exposed.
Incomplete Secret Exclusion during Packaging
The scripts specifically exclude '.env' and '.env.*', but do not exclude other common secret locations such as '.aws/credentials', 'config.json', or '.npmrc'. This increases the risk of accidental secret leakage during the upload process.
Unsanitized Input Path in Shell Script
The script uses its first argument directly in 'cd' and 'tar' commands. If the agent is manipulated into passing a path containing shell metacharacters, the result could be unexpected behavior or path traversal, though the impact is restricted by the shell environment.
Attack Surface Chain
Agent identifies that Vercel CLI is not authenticated.
Agent triggers the 'No-Auth Fallback' script (deploy.sh).
The script bundles the current directory into a .tgz file.
The .tgz file, containing the source code, is POSTed to https://claude-skills-deploy.vercel.com/api/deploy.
An attacker who monitors the proxy, or who has compromised the proxy endpoint, can collect the user's source code.