Web Deploy
PassAudited by ClawScan on May 1, 2026.
Overview
This is a straightforward deployment guide with no code, but its example commands can publish or change real websites and provider accounts.
This skill appears appropriate if you want deployment help. Before using it, make sure the agent asks before running production deploys, rollbacks, domain changes, database creation, git pushes, or secret-setting commands, and verify the logged-in provider account and target project.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If run against the wrong project, branch, or account, these commands could change a live site or service.
These are high-impact deployment or repository-changing commands. They are expected for a web deployment skill, but they can publish production changes or push rollbacks.
npx vercel --prod railway up git revert HEAD && git push
Confirm the target project, account, branch, build output, and user intent before running production deploy, rollback, or push commands.
Commands may act with the permissions of the logged-in Vercel, Railway, or GitHub account.
These instructions rely on provider account sessions and deployment secrets. This is disclosed and purpose-aligned for deployment, but it uses account privileges.
railway login npx vercel link npx vercel env add SECRET_KEY railway variables set SECRET_KEY=value
Use the least-privileged account or project scope available, verify which account is logged in, and avoid entering real secrets unless the target platform and project are correct.
The commands may download or execute third-party CLI packages from the npm ecosystem.
The examples invoke external npm/npx packages without pinned versions. This is common for web tooling, but it means the exact package version is resolved at use time.
npx http-server ./dist -p 8080 -c-1 npx vercel npm install -D gh-pages npx serve dist
Prefer trusted package sources, pin versions where practical, and review project package files before installing or running deployment tools.