Deploy Moltbot To Fly

Audited by ClawScan on May 10, 2026.

Overview

The deployment guide is mostly coherent, but its device-pairing step can grant web UI access to the first pending device without verifying it.

Install only if you are comfortable creating a public Fly.io deployment and handling API keys. Before running the pairing script, inspect pending devices and approve only the one you recognize; also review or pin the external Moltbot repository before deploying secrets to it.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If more than one pending pairing request exists, the wrong device could be granted persistent web UI access to the deployed bot.

Why it was flagged

The script approves the first pending device and carries over requested roles/scopes without requiring the user to inspect or confirm the device identity.

Skill content

const requestId = Object.keys(pending)[0]; ... paired[device.deviceId] = { ... role: device.role, roles: device.roles, scopes: device.scopes, approvedAt: Date.now(), approvedBy: 'cli' };

Recommendation

Before approving pairing, list pending devices, verify the expected device ID/public key/client ID, and approve only that exact device with least-privilege roles/scopes.

What this means

These secrets are expected for the service, but a leaked token or API key could allow access to the bot or use of paid API resources.

Why it was flagged

The deployment uses a gateway token and provider API keys, and it places the gateway token in a browser URL for access.

Skill content

fly secrets set CLAWDBOT_GATEWAY_TOKEN="YOUR-TOKEN-HERE" ... fly secrets set ANTHROPIC_API_KEY="sk-ant-xxxxx" ... https://your-app-name.fly.dev/?token=YOUR-TOKEN-HERE

Recommendation

Use app-scoped keys where possible, avoid sharing tokenized URLs, rotate the gateway token if it appears in logs/history, and restrict Fly.io access to trusted users.

What this means

You may deploy or run whatever code is currently in the external repository or installer at the time you follow the guide.

Why it was flagged

The guide relies on an external installer script and an unpinned GitHub repository, which is normal for this deployment but means the executed/deployed code is outside the reviewed artifact.

Skill content

Fly.io CLI installed (`brew install flyctl` or `curl -L https://fly.io/install.sh | sh`) ... git clone https://github.com/clawdbot/clawdbot.git moltbot-deploy

Recommendation

Verify the Fly installer source, review the cloned repository, and consider pinning a trusted commit or release before deploying with secrets.