Vercel Platform
Pass
Audited by ClawScan on May 1, 2026.
Overview
This is an instruction-only Vercel CLI reference whose powerful deployment and account-management commands are expected for its purpose, but users should confirm high-impact actions before use.
Install only if you intend the agent to help with Vercel operations. Before allowing production deployments, deletion, domain purchases, environment-variable access, or token use, verify the active Vercel account/team and approve the exact command.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the wrong command could change production deployments, remove resources, or incur account costs.
The CLI reference includes commands that can deploy to production, delete Vercel resources, or purchase domains. These are purpose-aligned for a Vercel management skill, but they are high-impact operations.
`vercel --prod`; `vercel projects remove <name>`; `vercel domains buy <domain>`; `vercel rm <deployment-url-or-id>`
Confirm the target project, team, deployment, and domain before production, deletion, purchase, promote, rollback, or `--yes` operations.
Actions may affect whichever Vercel account, team, or token scope is active.
The skill documents using Vercel account login, team scope switching, and token-based authentication. This is expected for Vercel management but means commands can run with the user's Vercel account privileges.
`vercel login [email]`; `vercel switch [scope]`; `-t, --token <TOKEN>`
Check `vercel whoami` and the active team/scope before making changes, and use least-privilege tokens when tokens are needed.
Secrets or sensitive logs could be exposed in local files or conversation context if the commands are used carelessly.
The documented commands can retrieve environment variables, project settings, and runtime logs into the local workspace or agent context. This is purpose-aligned, but those materials may contain secrets or sensitive operational data.
`vercel pull` — Pull project settings and env vars from cloud; `vercel env pull [filename]` — pull to `.env.local`; `vercel logs <url|id>`
Only pull or display environment variables and logs when necessary, avoid sharing secrets in chat, and keep `.env.local` protected and excluded from source control.
Users have less external provenance to verify that the CLI reference is maintained by an official or trusted source.
The skill has limited provenance information, although the artifacts show no code files or installer to execute.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Cross-check important commands against official Vercel documentation or `vercel --help` before high-impact use.
