Deploy Pilot

If invoked in the wrong repository or context, the agent could push code to main and trigger a production deployment that affects users.

The skill explicitly frames deployment as autonomous and includes production push instructions. It asks for a deployment summary before pushing, but does not clearly require explicit user approval before a production-impacting action.

A broadly scoped Vercel token could allow the agent to list, promote, change environment variables for, or otherwise affect projects beyond the intended deployment target.

The skill requires a Vercel token and uses it for production deployment operations, but the artifacts do not define token scope, project/team boundaries, or least-privilege guidance.

Users may not realize from the registry metadata that the skill depends on deployment CLIs and a Vercel credential.

The registry-facing metadata omits source and required credentials, while claw.json declares a homepage, version 1.1.0, required binaries, and VERCEL_TOKEN. This is a provenance and disclosure inconsistency rather than direct malicious behavior.

Running the deploy workflow in an untrusted repository could execute that repository's build or test code.

The skill instructs the agent to run local build/test commands. This is expected for a deployment skill, but these commands can execute project-defined code and scripts.