Is vercel safe?

https://clawhub.ai/TheSethRose/vercel

85
SAFE

This skill is a clean, text-only Vercel CLI reference document with no executable code, no install scripts, no git hooks, and no prompt injection attempts. The only external URLs reference Vercel's own documentation. The filesystem activity observed during installation is attributable to the OpenClaw agent runtime, not the skill itself. Minor risks stem from the skill documenting sensitive operations (production deploys, env var access, destructive removes) without safety guardrails, which could lead an AI agent to perform impactful actions without user confirmation.

Category Scores

Prompt Injection 90/100 · 30%
Data Exfiltration 80/100 · 25%
Code Execution 95/100 · 20%
Clone Behavior 70/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 75/100 · 5%

Findings (5)

LOW Sensitive CLI operations documented without safety warnings -10

The skill documents commands like 'vercel --prod' (production deployment), 'vercel env pull' (writes secrets to local files), and '--token ' (auth token on command line) without any caution notes. An LLM agent following these instructions could perform destructive production deployments or expose credentials without user confirmation.

LOW Environment variable commands could expose secrets -10

Commands like 'vercel env list production' and 'vercel env pull' are documented, which could cause an agent to display or write sensitive environment variables. This is legitimate Vercel functionality but represents a data exposure vector when executed by an AI agent.

INFO External URL references are limited to vendor documentation -5

The only external URLs referenced are vercel.com/docs endpoints fetched via curl with markdown accept headers. These are the vendor's own documentation pages and are consistent with the skill's stated purpose.

INFO OpenClaw runtime reads sensitive system files during bootstrap -15

The filesystem monitoring captured the OpenClaw agent reading .env, .aws/credentials, SSH host keys, and config files. These accesses are attributable to the agent runtime bootstrapping (not the skill itself) but are notable as they occur in the skill's installation context.

LOW Destructive commands documented without guardrails -15

Commands like 'vercel rm', 'vercel projects remove', and 'vercel domains remove' are documented. An agent could execute these destructive operations if prompted, removing deployments, projects, or domains.