exe

Automates the deployment of Vibes apps to exe.dev with SSH, nginx, and multi-tenancy support for seamless hosting.

Install this skill

or

0/100

Security score

The exe skill was audited on Feb 9, 2026 and we found 26 security issues across 4 threat categories, including 1 critical. Review the findings below before installing.

Categories Tested

Security Issues

medium line 48

Template literal with variable interpolation in command context

SourceSKILL.md

48

```bash

medium line 66

Template literal with variable interpolation in command context

SourceSKILL.md

66

```bash

medium line 82

Template literal with variable interpolation in command context

SourceSKILL.md

82

```bash

medium line 90

Template literal with variable interpolation in command context

SourceSKILL.md

90

```bash

medium line 175

Template literal with variable interpolation in command context

SourceSKILL.md

175	const dbName = `myapp-${subdomain}`;

medium line 184

Template literal with variable interpolation in command context

SourceSKILL.md

184

```bash

medium line 223

Template literal with variable interpolation in command context

SourceSKILL.md

223

```bash

medium line 278

Template literal with variable interpolation in command context

SourceSKILL.md

278

```bash

medium line 308

Template literal with variable interpolation in command context

SourceSKILL.md

308

```

medium line 323

Template literal with variable interpolation in command context

SourceSKILL.md

323

```

high line 328

Template literal with variable interpolation in command context

SourceSKILL.md

328	- "Continue on VM" → Provide: `ssh ${name}.exe.dev -t "cd /var/www/html && claude"`

medium line 124

Curl to non-GitHub URL

SourceSKILL.md

124	curl https://YOUR_CLERK_DOMAIN/.well-known/jwks.json

high line 274

Curl to non-GitHub URL

SourceSKILL.md

274	\| Verifying deploy \| ❌ \| ✅ `curl https://vm.exe.xyz` \|

medium line 43

Webhook reference - potential data exfiltration

SourceSKILL.md

43	2. If Registry enabled, ask for Clerk PEM public key and webhook secret

low line 93

Webhook reference - potential data exfiltration

SourceSKILL.md

93	--clerk-webhook-secret "whsec_xxx" \

medium line 101

Webhook reference - potential data exfiltration

SourceSKILL.md

101	4. Adds nginx proxy for `/registry.json`, `/check/*`, `/claim`, `/webhook`

medium line 110

Webhook reference - potential data exfiltration

SourceSKILL.md

110	\| `/webhook` \| POST \| Svix sig \| Clerk subscription events \|

medium line 213

Webhook reference - potential data exfiltration

SourceSKILL.md

213	\| `--clerk-webhook-secret <secret>` \| Clerk webhook signing secret \|

medium line 12

Access to hidden dotfiles in home directory

SourceSKILL.md

12	1. SSH key in `~/.ssh/` (id_ed25519, id_rsa, or id_ecdsa)

critical line 12

Access to SSH directory

SourceSKILL.md

12	1. SSH key in `~/.ssh/` (id_ed25519, id_rsa, or id_ecdsa)

low line 140

Access to .env file

SourceSKILL.md

140	sudo nano /etc/registry.env

low line 60

External URL reference

SourceSKILL.md

60	6. Verifies public access at `https://myapp.exe.xyz`

low line 124

External URL reference

SourceSKILL.md

124	curl https://YOUR_CLERK_DOMAIN/.well-known/jwks.json

low line 274

External URL reference

SourceSKILL.md

274	\| Verifying deploy \| ❌ \| ✅ `curl https://vm.exe.xyz` \|

low line 309

External URL reference

SourceSKILL.md

309	Question: "Your app is live at https://${name}.exe.xyz! What's next?"

low line 326

External URL reference

SourceSKILL.md

326	- "Share URL" → Confirm "Your app is live at https://${name}.exe.xyz - share this link!"

Scanned on Feb 9, 2026

View Security Dashboard

Installation guide →

GitHub Stars 106

Rate this skill

Categorydevelopment

UpdatedMay 21, 2026

openclaw backend devops devops-sre backend-developer product-manager development product

majiayu000/claude-skill-registry