Vercel to Cloudflare Worker Migration
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can inspect many source files and print filenames/findings from the selected project, though the provided code does not transmit or modify them.
The analyzer recursively reads files under the user-provided project path to identify migration-relevant patterns.
for dirpath, dirnames, filenames in os.walk(root): ... content = open(filepath, 'r', encoding='utf-8', errors='ignore').read()
Run the analyzer only on the intended repository and avoid sharing raw output if file names or code structure are sensitive.
Mishandled connection strings could expose database access, and the command changes Cloudflare account configuration.
The setup flow requires a real Supabase database password and Cloudflare Wrangler account authority to create a Hyperdrive resource.
npx wrangler hyperdrive create my-hyperdrive --connection-string="postgresql://postgres.[project-ref]:[password]@aws-0-[region].pooler.supabase.com:5432/postgres"
Enter secrets only in a trusted local terminal, avoid pasting real credentials into chat, use least-privileged database credentials where possible, and rotate any secret that was exposed.
If a user or agent obtains or substitutes a migrate.py from elsewhere, its project-modification behavior would not be covered by this review.
The file manifest includes scripts/analyze_project.py but not scripts/migrate.py, so the instructed migration helper is not part of the reviewed artifacts.
Run the migration script: python3 scripts/migrate.py <project-path>
Do not run scripts/migrate.py unless it is supplied from a trusted, reviewed source; prefer manual changes or inspect the script and commit/backup the project first.