Dele Deploy

Pass

Audited by ClawScan on May 10, 2026.

Overview

This skill is coherent for deploying a chosen local frontend project to Dele, but users should notice that it uploads files to an external service, uses an API key, and defaults deployments to public visibility.

Use this skill only when you are comfortable uploading the selected local web files to Dele. Deploy a clean build folder rather than a broad project or home directory, choose a non-public visibility setting when appropriate, and keep the Dele API key private.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A deployed folder could expose unintended project files if the wrong directory is chosen, especially because public listing is the default.

Why it was flagged

The skill documents recursive upload of a selected file/folder and a public default visibility. This is purpose-aligned for deployment, but users should ensure the selected folder does not contain secrets or private files.

Skill content

“Apps default to **public** (visible on the Explore page)” and `for root, _, files in os.walk(target_path)`

Recommendation

Deploy only a clean build/output folder and choose `unlisted`, `password`, or `hidden` if the app should not be public.

What this means

Anyone with the API key may be able to deploy through the associated Dele account, depending on Dele’s permissions.

Why it was flagged

The skill requires and uses an API key to authenticate deployments. That is expected for the Dele service, but it is still account authority that should be protected.

Skill content

`POSTME_API_KEY` | **Required.** Your Dele API key ... and `headers['Authorization'] = f"Bearer {api_key}"`

Recommendation

Store the API key securely, avoid sharing it in prompts or files, and rotate it if it may have been exposed.

What this means

Users may need to install a Python package manually before use, and the reviewed package does not include a pinned dependency file.

Why it was flagged

The dependency is disclosed and common for HTTP uploads, but it is documented only in markdown rather than an install spec or lockfile, so package provenance is not reviewed by the provided artifacts.

Skill content

“Python Dependencies: The skill requires the `requests` library.” followed by `pip install requests`

Recommendation

Install dependencies from trusted package sources and prefer pinned or reviewed dependency versions in controlled environments.