Netlify Deploy

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Netlify deployment helper with expected but sensitive Netlify actions that users should approve deliberately.

Install only if you are comfortable with the agent using your Netlify CLI login and sending deploy artifacts to Netlify. Require explicit approval for production deploys and any environment-variable operation, especially `env:set` or `env:import`, and keep secrets out of the skill memory file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Description-Behavior Mismatch

Medium
Confidence: 89%
Finding
The manifest describes deploying and managing Netlify sites with auth, linking, preview/production deploys, and config checks. This file additionally documents `env:set` and `env:import`, which modify remote environment variables and secret-bearing configuration rather than just performing deploys or config validation.

VirusTotal

65/65 vendors flagged this skill as clean.
