Vercel Tool

v1.1.0

Generate Vercel API commands for deployment management. Use when checking deployment status, viewing build logs, inspecting domain SSL, listing recent deploy...

⭐ 0· 25·1 current·1 all-time

by@loutai0307-prog

MIT-0

Download zip

LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

high confidence

ℹ

Purpose & Capability

The name/description match the included script: the skill only generates Vercel API curl commands and local python-formatters for output. However, registry metadata lists no runtime requirements or required env vars while SKILL.md and the script explicitly mention bash, curl, python3, and recommend using a VERCEL_TOKEN — a small metadata mismatch (expected but non-malicious).

✓

Instruction Scope

The SKILL.md and script only produce shell commands and guidance; the skill does not itself call external endpoints or read arbitrary files. Generated curl commands will contact api.vercel.com when run by the user (expected). Note: the python -c snippets will execute locally when the user pipes curl output into them.

✓

Install Mechanism

No install spec is provided (instruction-only plus a script). Nothing is downloaded or installed by the skill itself — low install risk.

ℹ

Credentials

The skill does not require any environment variables in the registry metadata, but the README/script instructs users to set a VERCEL_TOKEN and to replace YOUR_TOKEN in generated commands. This is reasonable for a Vercel helper, but the token is optional from the skill's perspective and is not auto-collected.

✓

Persistence & Privilege

always:false and the skill does not attempt to persist configuration beyond suggesting the user set an env var in their shell profile. It does not modify other skills or system-wide settings.

Assessment

This skill appears to be what it claims: it prints curl commands and small local python formatters for Vercel's API rather than executing actions itself. Before using it: (1) inspect the script (you already have it) and confirm you are comfortable running the printed commands locally; running them will send whatever token you supply to api.vercel.com. (2) Do not paste or share your VERCEL_TOKEN publicly — the script expects you to replace YOUR_TOKEN or set VERCEL_TOKEN locally. (3) Note the registry metadata omitted runtime requirements (bash,curl,python3) and the token recommendation; this is a minor bookkeeping issue but not a functional red flag. (4) For destructive actions (promote/rollback), prefer using the official Vercel CLI or confirm the exact curl command before executing. If you want higher assurance, run the generated curl commands in a controlled environment (no secrets in shell history) or use a read-only token when testing.

Like a lobster shell, security has layers — review code before you run it.

latestvk9749ez9gjhxm31yqrekney8cn851e2e

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

Vercel Tool

License

Comments