Trust Assessment
deploy-to-vercel received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 3 critical, 1 high, 1 medium, and 0 low severity. Key findings include "File read + network send exfiltration", "Sensitive path access: AI agent config", and "Command Injection via Unsanitized Input Path".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 18/100, indicating areas for improvement.
Last analyzed on April 1, 2026 (commit 8c56b3d4). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Details | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | File read + network send exfiltration | AI agent config/credential file access. | Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/deploy-to-vercel/SKILL.md:228 |
| CRITICAL | Command Injection via Unsanitized Input Path | The `deploy.sh` and `deploy-codex.sh` scripts use the user-provided `INPUT_PATH` argument directly in shell commands without proper sanitization. Specifically, the line `PROJECT_PATH=$(cd "$INPUT_PATH" && pwd)` is vulnerable to command injection if `INPUT_PATH` contains shell metacharacters such as backticks (`` ` ``) or `$()` for command substitution. An attacker could craft a malicious `INPUT_PATH` (e.g., `my_app/$(rm -rf /)`) to execute arbitrary commands on the host system before the `cd` command is even attempted. Although `set -euo pipefail` would cause the script to exit on error, the injected command would still execute. | Sanitize or validate the `INPUT_PATH` argument before using it in shell commands. Ensure it only contains valid path characters and does not contain shell metacharacters. A robust solution would involve using `realpath` to resolve the path and then validating it, or using a safer method for directory manipulation that doesn't involve direct shell string interpolation. | Static | resources/deploy-codex.sh:139 |
| CRITICAL | Command Injection via Unsanitized Input Path | Same finding as the row above, reported for `deploy.sh`: the user-provided `INPUT_PATH` is used unsanitized in `PROJECT_PATH=$(cd "$INPUT_PATH" && pwd)`, so a value containing shell metacharacters (backticks or `$()`) could execute arbitrary commands before the `cd` is attempted, even with `set -euo pipefail` in effect. | As above: sanitize or validate `INPUT_PATH`, reject shell metacharacters, and resolve the path with `realpath` before validating it rather than interpolating it directly into a shell string. | Static | resources/deploy.sh:139 |
| HIGH | Sensitive path access: AI agent config | Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. | Verify that access to this sensitive path is justified and declared. | Static | skills/deploy-to-vercel/SKILL.md:228 |
| MEDIUM | Unpinned Dependency for Vercel CLI Installation | The skill instructs the agent to install the Vercel CLI using `npm install -g vercel`. This command installs the latest available version of the `vercel` package. Without pinning a specific version, future installations could inadvertently introduce breaking changes, new vulnerabilities, or even malicious code if the `vercel` package on npm is compromised. This introduces a supply chain risk. | Pin the version of the Vercel CLI to be installed. For example, use `npm install -g vercel@<specific-version>` to ensure deterministic and secure installations. Regularly review and update the pinned version to benefit from security patches and new features. | Static | SKILL.md:139 |