The skill executes black-box
Claims to do
Deploy to Vercel: Deploy any project to Vercel. **Always deploy as preview** (not production) unless the user explicitly asks for production.
Actually does
The skill uses `git` and the `vercel` CLI to deploy projects to Vercel, adapting its method based on whether the project is linked, whether it has a git remote, and whether the CLI is authenticated. For sandboxed or unauthenticated environments, it executes a local `bash` script (`deploy.sh` or `deploy-codex.sh`) to package and deploy the project to Vercel, returning preview and claim URLs. It contacts Vercel API endpoints via the CLI or fallback scripts, and may prompt for `npm install -g vercel` or `vercel login`.
The skill executes local shell scripts (`deploy.sh`, `deploy-codex.sh`) using `bash` for fallback deployment scenarios. The content of these scripts is not provided, making them a black box. If these scripts are malicious or contain vulnerabilities (e.g., command injection via user-supplied `[path]` arguments), they could lead to arbitrary code execution on the agent's system.
```
bash /mnt/skills/user/deploy-to-vercel/resources/deploy.sh [path]
```
The skill installs the `vercel` CLI globally using `npm install -g vercel`. This introduces a supply chain risk, as a compromised `vercel` npm package could execute arbitrary code during installation on the agent's system.
```
npm install -g vercel
```
The skill explicitly requests `sandbox_permissions=require_escalated` for network access in sandboxed environments. While necessary for its function, this capability, if combined with a vulnerability in the skill's logic or an embedded script, could be abused to perform unauthorized network activities.
```
sandbox_permissions=require_escalated
```
The skill explicitly states that after a user selects a team, it should 'proceed immediately to the next step — do not ask for additional confirmation' for linking. While this improves user experience, it reduces the number of explicit approval points for potentially significant actions.
> Once the user picks a team, proceed immediately to the next step — do not ask for additional confirmation.