Deploy Kit

v1.0.0

Simplifie le déploiement d'apps web sur Vercel, Railway et Supabase en détectant le projet, vérifiant les CLI, recommandant la plateforme et exécutant le dép...

⭐ 1· 1.9k·5 current·5 all-time

by@hugosbl

MIT-0

Download zip

LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

Name/behavior align: the SKILL.md and scripts/deploy.py focus on detecting project type, checking CLI availability, recommending a platform, and running platform CLIs to deploy. No unrelated credentials, binaries, or system paths are requested.

ℹ

Instruction Scope

SKILL.md instructs the agent to detect projects, verify CLIs, and always ask for confirmation before deploying. The script runs subprocesses to invoke platform CLIs (vercel, railway, supabase) which is expected for a deploy helper — but those CLIs (and the project's build steps they trigger) can execute arbitrary code from the repository during build/runtime, so the agent/user should be aware and confirm deployments before running in sensitive environments.

ℹ

Install Mechanism

There is no install spec in the skill (instruction-only + a helper script) which is low risk. The bundled reference docs include example install commands (npm global installs and a curl | sh line for Railway in the reference) — these are not executed by the skill but are potentially risky if blindly run by a user.

✓

Credentials

The skill does not request environment variables or credentials. References mention CLI authentication (interactive login or tokens) which is appropriate for deployment CLIs; nothing indicates unnecessary access to unrelated secrets or system config.

✓

Persistence & Privilege

always is false and the skill does not request persistent elevated privileges or attempt to modify other skills or system-wide settings. Model invocation is allowed (default) which is normal for a user-invocable skill.

Assessment

This skill appears to do what it says: detect projects and run Vercel/Railway/Supabase CLIs to deploy. Before using it, verify you trust the project being deployed (build steps can run arbitrary code), confirm the skill asks you before executing deploy commands (it does), and avoid pasting secret tokens into chat. If you follow reference install commands, prefer package manager installs (brew/npm) from official sources and be cautious about running curl | sh. Run deployments first in a staging environment and inspect the repository and any referenced scripts before deploying to production.

Like a lobster shell, security has layers — review code before you run it.

latestvk97df3qmafehnb8xj1zxch3sxd80ce1g

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

Deploy Kit

License

Comments