ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Fly.io

v1.0.0

Deploy and manage applications on Fly.io using the flyctl CLI and Machines API. Use when asked to deploy an app, scale machines, check app status, view logs,...

0· 50·0 current·0 all-time
by@dwhite-oss
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description and SKILL.md all align with Fly.io operations (deploy, scale, logs, secrets, Postgres). However the manifest declares no required binaries or env vars even though the instructions explicitly require the flyctl CLI and use of FLY_API_TOKEN.
Instruction Scope
The SKILL.md stays on-topic: it lists flyctl commands to manage apps, machines, secrets, logs, and Postgres. It references local files (fly.toml) and running fly auth login/token which are appropriate for the stated purpose and do not request unrelated system data.
Install Mechanism
This is an instruction-only skill with no install spec or code files, so it doesn't write or download code to disk. That is low-risk; the main runtime dependency is the external flyctl binary which the skill expects to be present but does not declare.
!
Credentials
The instructions tell the user/agent to export FLY_API_TOKEN (and to run fly auth login) but the manifest lists no required environment variables or primary credential. Requesting a Fly API token is proportionate to the purpose, but failing to declare it is an inconsistency that could hide credential usage patterns or confuse permission reviews.
Persistence & Privilege
The skill is not marked always:true and does not request persistent system-wide changes in the manifest. It will rely on the agent invoking flyctl at runtime, which is normal for this type of integration.
What to consider before installing
This skill appears to be a straightforward set of flyctl usage instructions, but the package metadata is incomplete: it doesn't list the required flyctl binary or the FLY_API_TOKEN environment variable even though SKILL.md requires them. Before installing or enabling this skill: 1) verify you or the agent have flyctl installed and authenticated (run fly auth login yourself); 2) only provide a Fly API token with the minimum necessary privileges (prefer an ephemeral token or scoped service token if possible); 3) review any commands the agent will run (deploy, destroy, scale) because the skill can change live infrastructure; and 4) ask the skill author/maintainer to update the manifest to declare required binaries and the primaryEnv so permissions and audits are clear. If you need a stricter posture, avoid granting the agent access to production Fly credentials until the manifest and provenance are confirmed.

Like a lobster shell, security has layers — review code before you run it.

deploymentvk978at8t74bwawhjwxtd45gz2d83qaesdevopsvk978at8t74bwawhjwxtd45gz2d83qaesflyiovk978at8t74bwawhjwxtd45gz2d83qaeshostingvk978at8t74bwawhjwxtd45gz2d83qaesinfrastructurevk978at8t74bwawhjwxtd45gz2d83qaeslatestvk978at8t74bwawhjwxtd45gz2d83qaes

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Fly.io Skill

Fly.io is managed via the flyctl CLI (alias: fly) and the Machines REST API.

Auth

fly auth login          # opens browser
fly auth token          # print current token
export FLY_API_TOKEN=$(fly auth token)

App Management

fly apps list                          # list all apps
fly status -a <app-name>               # app health + machine states
fly info -a <app-name>                 # app details, IPs, regions
fly open -a <app-name>                 # open in browser

Deploy

fly deploy                             # deploy from current dir (uses fly.toml)
fly deploy --image registry/image:tag  # deploy a specific image
fly deploy --remote-only               # build remotely (no local Docker needed)
fly deploy -a <app-name>               # target specific app

Logs

fly logs -a <app-name>                 # live log stream
fly logs -a <app-name> --no-tail       # recent logs, no follow

Secrets

fly secrets set MY_KEY=value -a <app-name>
fly secrets list -a <app-name>
fly secrets unset MY_KEY -a <app-name>

Scaling

fly scale count 3 -a <app-name>                    # set machine count
fly scale memory 512 -a <app-name>                 # set RAM (MB)
fly scale vm shared-cpu-2x -a <app-name>           # change VM size
fly scale show -a <app-name>                        # current scale

Machines

fly machine list -a <app-name>
fly machine status <machine-id> -a <app-name>
fly machine restart <machine-id> -a <app-name>
fly machine stop <machine-id> -a <app-name>
fly machine destroy <machine-id> -a <app-name>

Run a Command (one-off)

fly ssh console -a <app-name>                      # interactive shell
fly ssh console -a <app-name> -C "ls -la /app"    # run single command

Postgres

fly postgres create --name myapp-db                # create Postgres cluster
fly postgres connect -a myapp-db                   # psql shell
fly postgres attach myapp-db -a <app-name>         # attach DB to app (sets DATABASE_URL)

VM Sizes

shared-cpu-1x (256MB), shared-cpu-2x (512MB), performance-1x (2GB), performance-2x (4GB)

Regions

iad (Virginia), ord (Chicago), lax (LA), sea (Seattle), ams (Amsterdam), fra (Frankfurt), sin (Singapore), syd (Sydney)

Tips

  • fly.toml is the app config — always check it before deploying
  • fly deploy --strategy rolling for zero-downtime deploys
  • Health checks in fly.toml under [checks] block

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…