Deploy Moltbot To Fly

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent Fly.io deployment guide, but users should review its device-pairing and destructive troubleshooting steps before following it.

Install only if you are comfortable creating a public Fly.io deployment, storing API keys as Fly secrets, and running SSH commands against the app. Before approving pairing, inspect pending devices and approve only the device you recognize with the expected roles and scopes. Treat the app-destroy command as destructive, back up or export needed state first, and consider pinning or reviewing the external repository before deploying secrets to it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 95%
Finding
The guide includes `fly apps destroy ... -y` as a troubleshooting shortcut without a strong warning that it deletes the application and may lead to loss of deployment state or accidental destruction if copied blindly. In an agent skill context, users often paste commands directly, so destructive commands need explicit safeguards and backup guidance.

VirusTotal

64/64 vendors flagged this skill as clean.
