Site Deployer
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is an instruction-only static-site deployment guide; it has no hidden code, but users should deliberately review before running the production deploy command.
This skill appears benign and purpose-aligned. Before using it, confirm the generated site content, the hosting account/project, and whether you want a production deploy; consider removing --yes for an extra confirmation prompt.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If run without review, the agent could publish the scaffolded site to production under the user's Vercel account.
This command publishes a production deployment and uses --yes to skip interactive confirmation. That is aligned with a deployment skill, but it is a real public-facing action.
cd my-site && vercel deploy --prod --yes
Review the generated files and hosting target before deploying; remove --yes or use a preview deployment if you want an explicit confirmation step.
The deployment may affect the user's hosting account and public site configuration.
Deploying to these platforms normally relies on the user's provider account or local CLI session. The artifacts do not show credential capture or leakage, but the workflow uses delegated hosting authority.
Ship a static website in under 5 minutes — Vercel, Netlify, or GitHub Pages.
Make sure the CLI is authenticated to the intended account/project before deploying, and avoid using overly privileged tokens for routine site publishing.