Flyio

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Fly.io management skill, but it gives an agent broad cloud-infrastructure control without enough built-in guardrails.

Install only if you want an agent to administer Fly.io through Membrane. Verify the Membrane CLI before installing it, connect only Fly.io accounts the agent should be allowed to manage, and require explicit user confirmation before any create, update, delete, secret, machine-control, or raw proxy API request.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 92%
Finding
The skill description says to use the skill whenever the user wants to interact with Fly.io data, which is a broad routing condition for a capability set that includes both read and destructive write actions. Overbroad invocation guidance can cause the agent to select this skill in situations where intent is ambiguous, increasing the chance of unintended infrastructure changes or sensitive data access.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill advertises destructive actions such as deleting apps, machines, volumes, and secrets without any warning about irreversibility, service disruption, or data loss. In an agent context, presenting these actions without guardrails increases the risk that a model executes high-impact operations from an unclear, incomplete, or mistaken user request.

VirusTotal

65/65 vendors flagged this skill as clean.
