Security Audit
vercel
github.com/Mrc220/agent_flywheel_clawdbot_skills_and_integrationsTrust Assessment
vercel received a trust score of 72/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. Key findings include Skill grants broad administrative control over Vercel projects, Skill enables access to sensitive Vercel project data.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on June 1, 2026 (commit 6a655802). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Skill grants broad administrative control over Vercel projects The skill exposes the full `vercel` CLI, allowing an AI agent to perform highly privileged and potentially destructive actions on Vercel projects. This includes deploying new code, modifying critical environment variables, adding/removing domains, and deleting entire projects. An agent with access to this skill, if compromised or misused, could cause significant damage, service disruption, or unauthorized changes to Vercel infrastructure. Implement fine-grained access control for the agent, restricting which `vercel` subcommands and arguments it can execute. For example, disallow `vercel project rm`, `vercel env add`, or `vercel deploy`. If possible, use a Vercel API token with the principle of least privilege, granting only the absolute minimum permissions required for the agent's intended function. | LLM | SKILL.md:39 | |
| HIGH | Skill enables access to sensitive Vercel project data The skill allows an AI agent to execute commands that can reveal sensitive information about Vercel projects. Specifically, `vercel env ls` and `vercel env pull` can expose environment variables (which often contain API keys, database credentials, and other secrets), while `vercel inspect` and `vercel logs` can reveal deployment details and application runtime data. If an agent is compromised or instructed maliciously, this sensitive information could be exfiltrated, leading to credential exposure or data breaches. Restrict agent access to commands that reveal sensitive data (e.g., `vercel env ls`, `vercel env pull`, `vercel inspect`, `vercel logs`). If such access is necessary, ensure that the Vercel API token used by the agent has read-only permissions for sensitive resources. Implement robust output sanitization or redaction mechanisms if the agent is allowed to process and summarize outputs from these commands. | LLM | SKILL.md:54 |
Scan History
Embed Code
[](https://skillshield.io/report/23bfb7b027ac0383)
Powered by SkillShield