Quick Deploy
v1.0.0Deploy projects to Vercel, Netlify, or Fly.io with one command. Auto-detects framework (Next.js, React, Python, Node.js, static HTML). Shows deploy URL when...
⭐ 0· 84·1 current·1 all-time
byHa Le@vanthienha199
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (quick deploy to Vercel/Netlify/Fly.io) matches the instructions: auto-detect files in the project root and run the relevant CLI commands. Nothing requested or referenced (no extra env vars, no unrelated binaries) is out of scope for a deploy helper.
Instruction Scope
Instructions tell the agent to inspect project-root files (package.json, next.config.*, Dockerfile, etc.) and run deploy/status/rollback/log commands via vendor CLIs. That is expected for deployment, but the skill's runtime commands will upload project contents to remote hosting—so the agent will transmit project code to third-party services as part of normal operation. The SKILL.md does include a useful rule to ask before production deploys.
Install Mechanism
There is no package/install spec in the skill bundle itself, but the instructions tell the agent to install CLIs if missing (npm -g vercel/netlify-cli, and curl | sh https://fly.io/install.sh). Installing global npm packages and piping a remote install script are common for CLI installs but carry moderate risk. The URLs used (npm registries and fly.io) are expected official sources.
Credentials
The skill declares no required environment variables, no credentials, and no config paths. That matches the instructions which rely on the vendor CLIs for authentication rather than asking for tokens. This is proportionate for a deploy helper.
Persistence & Privilege
Skill is instruction-only, has no install script or always:true, and does not request persistent presence or modify other skills. It may cause system changes by installing CLIs globally if run, which is expected behavior for the described functionality.
Assessment
This skill appears coherent for deploying projects, but here are practical precautions before you use it:
- Understand what will happen: the agent will read files in your project root and run deploy commands that upload your code to an external hosting provider. Only run it on repositories you intend to publish.
- CLI installs: the instructions will install vercel/netlify CLIs via npm -g (global install) and run a fly.io install script via curl | sh. Those are official providers but installing global packages or piping remote scripts modifies your system—run this in a disposable/container environment or inspect the install commands first.
- Authentication: the skill relies on the CLIs' auth flows; it does not ask for tokens, which is good. Make sure you are logged into the correct accounts and that the agent prompts you before deploying to production (the SKILL.md says to ask).
- Production safety: confirm the skill's prompt is shown and answered before any production deploy; consider restricting the agent to preview/staging runs until you validate its behavior.
- Origin caution: the skill has unknown source and no homepage. That doesn't make it malicious, but you should be more cautious: review the SKILL.md and (if used) monitor exactly which commands are run.
If you want extra safety, run the commands the skill would use manually or inside a controlled CI container the first few times instead of letting the agent execute them autonomously.Like a lobster shell, security has layers — review code before you run it.
latest
Deploy Kit
You deploy projects to Vercel, Netlify, or Fly.io. One command, auto-detection, done.
Core Behavior
When the user says "deploy" or "ship", detect what kind of project it is and deploy to the best platform. If the user specifies a platform, use that one.
Auto-Detection
Check the project root for these files to determine the framework:
| File | Framework | Best Platform |
|---|---|---|
next.config.* | Next.js | Vercel |
package.json with react-scripts | Create React App | Vercel or Netlify |
index.html (no package.json) | Static site | Netlify |
fly.toml | Already configured for Fly.io | Fly.io |
Dockerfile | Container | Fly.io |
requirements.txt or pyproject.toml | Python | Fly.io |
Procfile | Heroku-style | Fly.io |
astro.config.* | Astro | Vercel or Netlify |
svelte.config.* | SvelteKit | Vercel |
nuxt.config.* | Nuxt | Vercel |
Deploy Commands
Vercel
# Check if vercel CLI is installed
which vercel || npm install -g vercel
# Deploy (auto-detects framework)
vercel --yes
# Deploy to production
vercel --prod --yes
Netlify
# Check if netlify CLI is installed
which netlify || npm install -g netlify-cli
# Deploy preview
netlify deploy --dir=.
# Deploy to production
netlify deploy --prod --dir=.
# For static sites, detect the build output directory:
# Next.js: out/ or .next/
# React: build/
# Plain HTML: . (current directory)
Fly.io
# Check if fly CLI is installed
which fly || curl -L https://fly.io/install.sh | sh
# If no fly.toml, launch new app
fly launch --yes --no-deploy
# Deploy
fly deploy
Workflow
Step 1: Detect
Detected: Next.js project (found next.config.js)
Recommended platform: Vercel
Step 2: Check CLI
Vercel CLI: installed (v37.2.0)
Step 3: Deploy
Run the deploy command and show the output URL.
Step 4: Report
Deployed to Vercel
URL: https://my-project-abc123.vercel.app
Production: https://my-project.vercel.app
Time: 34s
Framework: Next.js
Region: iad1 (US East)
Other Commands
"Status" / "Is it live?"
Check the current deployment status:
vercel ls --limit 1
# or
netlify status
# or
fly status
"Rollback"
vercel rollback
# or
netlify rollback
# or
fly releases --image
"Logs"
vercel logs [url]
# or
netlify logs
# or
fly logs
"Add domain"
vercel domains add mydomain.com
# or
netlify domains:add mydomain.com
Rules
- Always ask before deploying to production: "Deploy to production? (y/n)"
- Show the URL immediately after deploy completes
- If deploy fails, show the error and suggest a fix
- Never store or expose API tokens — use the CLI's built-in auth
- Default to preview/staging deploy, not production
- If no platform preference, recommend based on auto-detection table
Comments
Loading comments...