Vercel to Cloudflare Worker Migration
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: vercel-to-cloudflare
Version: 1.0.0

The skill bundle, including `SKILL.md` and `scripts/analyze_project.py`, is designed for migrating Next.js projects from Vercel to Cloudflare. The `analyze_project.py` script performs read-only analysis of a specified project directory, identifying patterns related to environment variables and database configurations. It does not contain any code for data exfiltration, malicious execution, persistence, or unauthorized network activity. The `SKILL.md` and reference markdown files provide clear, non-malicious instructions and examples for the user, without any evidence of prompt injection attempts against the AI agent to perform actions outside the stated purpose or against user interests. All observed behaviors are aligned with the stated goal of project migration assistance.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can inspect many source files and print filenames/findings from the selected project, though the provided code does not transmit or modify them.
The analyzer recursively reads files under the user-provided project path to identify migration-relevant patterns.
for dirpath, dirnames, filenames in os.walk(root):
    ...
    content = open(filepath, 'r', encoding='utf-8', errors='ignore').read()
Run the analyzer only on the intended repository and avoid sharing raw output if file names or code structure are sensitive.
Mishandled connection strings could expose database access, and the command changes Cloudflare account configuration.
The setup flow requires a real Supabase database password and Cloudflare Wrangler account authority to create a Hyperdrive resource.
npx wrangler hyperdrive create my-hyperdrive --connection-string="postgresql://postgres.[project-ref]:[password]@aws-0-[region].pooler.supabase.com:5432/postgres"
Enter secrets only in a trusted local terminal, avoid pasting real credentials into chat, use least-privileged database credentials where possible, and rotate any secret that was exposed.
If a user or agent obtains or substitutes a migrate.py from elsewhere, its project-modification behavior would not be covered by this review.
The file manifest includes scripts/analyze_project.py but not scripts/migrate.py, so the instructed migration helper is not part of the reviewed artifacts.
Run the migration script: python3 scripts/migrate.py <project-path>
Do not run scripts/migrate.py unless it is supplied from a trusted, reviewed source; prefer manual changes or inspect the script and commit/backup the project first.
