vercel-deploy-claimable
Safety Score
Detected Capabilities
Sensitive Files
- Clean filesystem scan
Deep Audit Findings
The 'Vercel Deploy' skill packages and uploads a specified directory to an external service (claude-skills-deploy.vercel.com) to trigger a deployment. While functional, it poses a Data Exfiltration risk if the user accidentally (or via prompt injection) directs it to deploy sensitive directories (e.g., system paths or folders containing secrets). Additionally, the script modifies files in-place (renaming HTML files) without asking, which risks data integrity.
Unrestricted Arbitrary File Upload
The script accepts any file path as an argument and uploads its contents to a public-facing cloud service. If an attacker prompts the agent to 'deploy /etc' or a folder with .env files, sensitive data will be exfiltrated to the public web.
Unexpected Filesystem Modification (Data Integrity)
The script automatically renames a single HTML file to `index.html` inside the user's source directory. This destructive action happens in-place, potentially breaking local links or file structure without user consent.
Hardcoded External Dependency
The script relies on `claude-skills-deploy.vercel.com`. If this bridge service goes down or is compromised, the skill fails or could serve malicious content.
Attack Surface Chain
Attacker prompts the agent to 'Deploy my system config' or 'Deploy /etc'.
Agent executes `bash deploy.sh /etc`.
Script runs as the agent user (often with read access to system files).
Script packages /etc contents into a tarball, excluding only node_modules/.git.
Script uploads the tarball to the public Vercel endpoint.
Attacker receives a public 'Preview URL' where they can browse the victim's system files.