ClawHub

Vercel to Cloudflare Worker Migration

v1.0.0

Migrate Next.js projects from Vercel to Cloudflare Workers with Supabase/Hyperdrive support. Use when user wants to move a Next.js app off Vercel to reduce c...

0· 489·0 current·0 all-time
by@jiafar
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, and the included analysis script (scripts/analyze_project.py) and reference docs consistently target migrating Next.js/Supabase projects from Vercel to Cloudflare Workers with Hyperdrive. The guidance to install @opennextjs/cloudflare and edit next.config/wrangler.toml is appropriate for the stated task.
!
Instruction Scope
SKILL.md tells the user to run a migration script 'scripts/migrate.py' which is not present in the bundle — this is an incoherence that could lead users to fetch or run unknown external code. The provided analyze_project.py reads the project tree and source files (which is expected) but could expose local secrets if the user runs it in a repo containing credentials; the skill does not explicitly warn about sensitive files. Overall the runtime instructions are specific but incomplete.
Install Mechanism
No install spec is provided (instruction-only plus local helper script). No remote downloads or installers are requested by the package itself, which reduces supply-chain risk. The only external package the instructions ask to install is @opennextjs/cloudflare via npm — expected for this migration.
Credentials
The skill declares no required environment variables or credentials (consistent with being an instruction-only tool). The migration guidance explains where database connection strings and Hyperdrive bindings belong, but it does not request the skill be given secrets. Users will need to supply DB/Hyperdrive credentials for real migrations — those are appropriately described as local configuration rather than required envs for the skill itself.
Persistence & Privilege
The skill does not request persistent presence (always: false) and has no install actions. It does not modify other skills or global configuration. Autonomous invocation is allowed (platform default) but does not combine with other high-risk indicators here.
What to consider before installing
This package mostly looks like a legitimate migration helper, but it's incomplete: SKILL.md tells you to run scripts/migrate.py yet that file is not included. Before running anything, do not fetch or execute external code to compensate for the missing file. Review scripts/analyze_project.py locally (it only reads files and prints a report) and run it in a safe environment (not on production servers or on a repo with unredacted secrets). If you plan to perform the migration: (1) ask the publisher for the missing migrate.py or a full install script and review it before running, (2) keep DB credentials and Hyperdrive IDs local and never paste them into third-party channels, (3) install @opennextjs/cloudflare only from npm and verify package integrity, and (4) back up your project and test the migration in a staging environment. If you want higher assurance, request the full source for migrate.py and have it reviewed before execution.

Like a lobster shell, security has layers — review code before you run it.

latestvk978jch9gevs8m5601fzprc0en81ha62

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments