Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Clawhub Publish

v1.4.2

Deploy to Vercel. Auto-activates for any Vercel task — editing a landing page, deploying, aliasing, updating a site.

Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The described purpose (deploy to Vercel) matches the instructions: uses the vercel CLI, .vercel/project.json, aliases, and curl to verify or change project settings. However, the skill metadata declares no required credentials or config paths while the runtime instructions explicitly require a Vercel token and reference local CLI auth files — the metadata/requirements omission is an inconsistency.
! Instruction Scope
SKILL.md tells the agent to: ask the user to paste a VERCEL token into chat, export it into the environment for the session, and — separately — read local files (.vercel/project.json and a macOS CLI auth.json path) and extract tokens from them. Reading local auth files and requesting tokens via chat are sensitive actions that go beyond purely editing/deploying code and should have been declared and restricted.
Install Mechanism
Instruction-only skill with no install spec and no downloaded code; this is the lowest-risk install mechanism.
! Credentials
The skill requires a Vercel token to operate (and the instructions show using VERCEL_TOKEN), but the registry metadata lists no required env vars or primary credential. It also instructs reading the local CLI auth.json to obtain a token. Requesting/storing tokens and reading local auth files is sensitive and should be explicitly declared and minimized (use temporary/tightly-scoped tokens).
Persistence & Privilege
The skill is not forced-always and can be invoked normally. That is fine by itself, but because the instructions request credentials and suggest pasting them into chat, autonomous invocation combined with credential access would increase risk — the skill currently does not request persistent privileges, but the credential-handling flow is a potential privacy/abuse vector.
What to consider before installing
This skill can deploy to Vercel but asks for your Vercel token and even shows how to read local CLI auth files. Before installing or using it: (1) do NOT paste your long-lived personal Vercel token into chat — create a short-lived or limited-scope token and revoke it after use; (2) prefer using your own browser-based 'vercel login' flow or a secrets manager rather than copying tokens into the agent; (3) ask the author to declare required env vars and config paths in the skill metadata so you know what will be accessed; (4) be cautious about the 'curl PATCH' commands that change project SSO/password/trusted IPs — verify them manually or run them yourself; (5) if you must use this skill, run it with a token scoped only to the project and revoke the token afterward. If you want higher assurance, request the skill author add explicit declarations for credentials/config paths or use a version that avoids asking users to paste secrets into chat.
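The mismatch the scan describes, between what the registry metadata declares and what the instructions actually touch, can be checked mechanically. The following is an added example, not ClawHub's or OpenClaw's scanner and not code from the skill; the function name `audit_skill`, the regex heuristics and the sample text are assumptions made for illustration.

```python
import re

# Heuristics are assumptions for this example, not ClawHub's or OpenClaw's rules.
ENV_SECRET = re.compile(r"\b[A-Z][A-Z0-9_]*_(?:TOKEN|KEY|SECRET|PASSWORD)\b")
AUTH_FILE = re.compile(r"\bauth\.json\b")
CHAT_SECRET = re.compile(
    r"\btoken\b.{0,80}\b(?:send|paste)\b.{0,20}\b(?:here|chat)\b", re.I)

# Constructed sample, modelled on the instructions quoted in the scan findings.
SAMPLE = """\
Open vercel.com/account/tokens, create a token, copy it and send it here.
export VERCEL_TOKEN=<token>
vercel whoami
TOKEN=$(python3 -c "... open('$HOME/Library/Application Support/com.vercel.cli/auth.json') ...")
vercel deploy --yes --prod
"""


def audit_skill(instructions, declared_env=(), declared_paths=()):
    """Return (line, kind, detail) for credential use the metadata did not declare."""
    findings = []
    for lineno, line in enumerate(instructions.splitlines(), 1):
        # Secret-looking environment variables missing from the declared list.
        for var in ENV_SECRET.findall(line):
            if var not in declared_env:
                findings.append((lineno, "undeclared-env", var))
        # Reads of a CLI auth file whose path was never declared as a config path.
        if AUTH_FILE.search(line) and not any(p in line for p in declared_paths):
            findings.append((lineno, "undeclared-auth-file", "auth.json"))
        # Asking the user to hand a token over in chat is flagged regardless
        # of declarations: declaring it does not make the flow safer.
        if CHAT_SECRET.search(line):
            findings.append((lineno, "secret-via-chat", line.strip()))
    return findings


if __name__ == "__main__":
    for lineno, kind, detail in audit_skill(SAMPLE):
        print(f"line {lineno}: {kind}: {detail}")
```

Declaring `VERCEL_TOKEN` and the auth file path clears the two "undeclared" findings, but the chat-paste finding remains, which matches the scan's separate recommendations about metadata and about token handling.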


MIT-0

Skill: Vercel Deploy

When to activate (automatically, without prompting)

  • any mention of Vercel, landing page, or site on vercel.app
  • task "update site", "deploy", "fix landing"
  • editing an HTML file in a project folder with .vercel/project.json

Auth flow (before anything else)

vercel whoami 2>&1

Authorized → proceed.

Not authorized → one-time setup:

→ In Claude Code (has a browser):

vercel login

→ In OpenClaw or any headless agent:

  1. Tell the user:

    "Open vercel.com/account/tokens → Create Token → copy it and send it here. You only need to do this once."

  2. Once received, verify:
export VERCEL_TOKEN=<token>
vercel whoami
  3. Store securely — do NOT write the token to ~/.zshrc or any file. Keep it in env for this session only, or ask the user to add it to their secrets manager.

Creating or editing HTML files

CRITICAL: Never output HTML in the response text.

Always write directly to a file using the Write/Edit tool:

  • ✅ Write tool → index.html → deploy
  • ❌ Print HTML in response → copy-paste → deploy

Reason: large HTML files exceed the 32k output token limit and Claude hangs mid-generation. Writing to a file has no such limit.

If the file is very large (>300 lines), build it in logical sections using Edit tool rather than rewriting from scratch.


Pre-deploy checklist (required)

1. Make ALL changes first

❌ ANTI-PATTERN: deploy after each individual edit
✅ Rule: all edits in file first → one deploy

2. Check for .vercel/project.json

ls .vercel/project.json

File exists → proceed to deploy.

File does not exist → first deploy, Vercel will create the project automatically:

vercel deploy --yes --prod
# Vercel creates the project and .vercel/project.json on first run

3. Verify changes are actually in the file

grep -c "expected string" index.html

Deploy recipe

# Deploy (run from project folder)
vercel deploy --yes --prod 2>&1 | grep -E "https://|Error"

# If custom alias was not assigned automatically — set it manually:
# For personal accounts (no --scope needed):
vercel alias set <deploy-url> <alias>.vercel.app

# For team accounts only:
vercel alias set <deploy-url> <alias>.vercel.app --scope YOUR_TEAM_SCOPE

Note: script -q /dev/null suppresses interactive prompts on macOS but breaks on Linux. Use plain vercel deploy instead — --yes flag handles prompts cross-platform.

Post-deploy verification (required)

curl -s https://<alias>.vercel.app | grep "expected string"
# 200 + expected string = ✅ done

Removing SSO (if site is locked behind auth)

PROJECT_ID=$(python3 -c "import json; print(json.load(open('.vercel/project.json'))['projectId'])")
TOKEN=$(python3 -c "import json; print(json.load(open('$HOME/Library/Application Support/com.vercel.cli/auth.json'))['token'])")

# For personal accounts:
curl -s -X PATCH "https://api.vercel.com/v9/projects/$PROJECT_ID" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"ssoProtection":null,"passwordProtection":null,"trustedIps":null}'

# For team accounts — add teamId:
curl -s -X PATCH "https://api.vercel.com/v9/projects/$PROJECT_ID?teamId=YOUR_TEAM_ID" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"ssoProtection":null,"passwordProtection":null,"trustedIps":null}'

Final output (always)

After a successful deploy, the last message to the user must be the public URL — nothing else:

✅ https://<alias>.vercel.app

❌ Anti-patterns (from practice)

| What went wrong | How to do it right |
| --- | --- |
| Generated HTML in response text (hit 32k token limit) | Always write HTML directly to file using Write/Edit tool |
| Deployed from home directory (wrong CWD) | Always deploy from the project folder with .vercel/project.json |
| Multiple deploys for separate edits | All edits → one deploy |
| Didn't verify file actually changed before deploying | grep before deploying |
| Didn't verify after deploy | curl on the live URL after every deploy |
| Used --scope on a personal account | --scope is for team accounts only |
| Used script -q /dev/null on Linux | Use plain vercel deploy --yes instead |
| Stored token in ~/.zshrc | Keep token in env only, never write to files |
| Started with partial understanding | Read source fully first, make a diff, then apply all edits |

Gotchas

  • --name is deprecated — don't use it
  • vercel project rm doesn't support --yes — interactive only
  • vercelAuthentication is NOT supported in API v9 — use ssoProtection: null
  • After vercel deploy --prod the default alias is assigned automatically, custom alias is not (always verify)
  • First deploy on a new project: no .vercel/project.json yet — just run vercel deploy --yes --prod, it creates the project automatically
