Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Clawhub Publish
v1.4.2
Deploy to Vercel. Auto-activates for any Vercel task — editing a landing page, deploying, aliasing, updating a site.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The described purpose (deploy to Vercel) matches the instructions: uses the vercel CLI, .vercel/project.json, aliases, and curl to verify or change project settings. However, the skill metadata declares no required credentials or config paths while the runtime instructions explicitly require a Vercel token and reference local CLI auth files — the metadata/requirements omission is an inconsistency.
Instruction Scope
SKILL.md tells the agent to: ask the user to paste a VERCEL token into chat, export it into the environment for the session, and — separately — read local files (.vercel/project.json and a macOS CLI auth.json path) and extract tokens from them. Reading local auth files and requesting tokens via chat are sensitive actions that go beyond purely editing/deploying code and should have been declared and restricted.
Install Mechanism
Instruction-only skill with no install spec and no downloaded code; this is the lowest-risk install mechanism.
Credentials
The skill requires a Vercel token to operate (and the instructions show using VERCEL_TOKEN), but the registry metadata lists no required env vars or primary credential. It also instructs reading the local CLI auth.json to obtain a token. Requesting/storing tokens and reading local auth files is sensitive and should be explicitly declared and minimized (use temporary/tightly-scoped tokens).
Persistence & Privilege
The skill is not forced-always and can be invoked normally. That is fine by itself, but because the instructions request credentials and suggest pasting them into chat, autonomous invocation combined with credential access would increase risk — the skill currently does not request persistent privileges, but the credential-handling flow is a potential privacy/abuse vector.
What to consider before installing
This skill can deploy to Vercel but asks for your Vercel token and even shows how to read local CLI auth files. Before installing or using it: (1) do NOT paste your long-lived personal Vercel token into chat — create a short-lived or limited-scope token and revoke it after use; (2) prefer using your own browser-based 'vercel login' flow or a secrets manager rather than copying tokens into the agent; (3) ask the author to declare required env vars and config paths in the skill metadata so you know what will be accessed; (4) be cautious about the 'curl PATCH' commands that change project SSO/password/trusted IPs — verify them manually or run them yourself; (5) if you must use this skill, run it with a token scoped only to the project and revoke the token afterward. If you want higher assurance, request the skill author add explicit declarations for credentials/config paths or use a version that avoids asking users to paste secrets into chat.
Like a lobster shell, security has layers — review code before you run it.
