Deploy Pilot
SuspiciousAudited by ClawScan on May 10, 2026.
Overview
This skill fits its deployment purpose, but it gives the agent high-impact production deployment and Vercel mutation authority without a clear approval gate.
Install only if you want an agent to help run GitHub/Vercel deployments. Before use, restrict the Vercel token, confirm the target repository and project, and require manual approval for production pushes, environment variable changes, domain changes, and rollbacks.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked in the wrong repository or context, the agent could push code to main and trigger a production deployment that affects users.
The skill explicitly frames deployment as autonomous and includes production push instructions. It asks for a deployment summary before pushing, but does not clearly require explicit user approval before a production-impacting action.
You manage the full deployment pipeline autonomously... Production Deploy ... git push origin main
Require an explicit user approval step before pushing to main, promoting a deployment, changing domains, or modifying production environment variables.
A broadly scoped Vercel token could allow the agent to list, promote, change environment variables for, or otherwise affect projects beyond the intended deployment target.
The skill requires a Vercel token and uses it for production deployment operations, but the artifacts do not define token scope, project/team boundaries, or least-privilege guidance.
"env": ["VERCEL_TOKEN"], "primaryEnv": "VERCEL_TOKEN"
Use a least-privilege token limited to the intended Vercel team/project where possible, and require the user to confirm the target project and environment before token-backed actions.
Users may not realize from the registry metadata that the skill depends on deployment CLIs and a Vercel credential.
The registry-facing metadata omits source and required credentials, while claw.json declares a homepage, version 1.1.0, required binaries, and VERCEL_TOKEN. This is a provenance and disclosure inconsistency rather than direct malicious behavior.
Source: unknown; Homepage: none; Version: 0.1.2; Required env vars: none
Align registry metadata with claw.json, including source, version, required binaries, permissions, and credential requirements.
Running the deploy workflow in an untrusted repository could execute that repository's build or test code.
The skill instructs the agent to run local build/test commands. This is expected for a deployment skill, but these commands can execute project-defined code and scripts.
npx tsc --noEmit ... npx vitest run ... npx next build
Use this skill only in repositories you trust, and review project scripts/dependencies before allowing automated build or deployment commands.