Back to skill

Security audit

Deploy Moltbot To Fly

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Fly.io deployment guide, but it includes high-impact secret handling and device-approval steps that need review before use.

Install only if you are comfortable deploying a public Fly.io service, storing API keys as Fly secrets, and running SSH commands against the app. Before approving pairing, inspect pending devices and approve only a device you recognize with expected roles and scopes. Avoid sharing or logging the gateway token, rotate it if it appears in a URL or terminal, and treat the destroy command as a last-resort destructive action after backing up needed state.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The guide instructs users to open the web UI with the gateway token embedded in the URL query string. Query-string secrets are commonly exposed through browser history, screenshots, screen sharing, copy/paste, crash reports, referer leakage, and terminal or proxy logs, which can grant unauthorized access to the gateway if the token is reused.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The troubleshooting and quick-reference steps explicitly print the gateway token to the terminal. Displaying secrets on screen can expose them through shell history, terminal scrollback, session recording, shared terminals, support transcripts, and shoulder surfing, increasing the chance of credential compromise.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill presents a destructive app deletion command as a troubleshooting shortcut without a strong warning about irreversible consequences. Users may destroy the deployed app and lose configuration, secrets linkage, or persisted state if storage is misconfigured, turning routine debugging into accidental data loss.

Env Variable Harvesting

High
Category
Data Exfiltration
Content
fly secrets list -a APP

# Get gateway token
fly ssh console -a APP -C "printenv CLAWDBOT_GATEWAY_TOKEN"

# Redeploy
fly deploy -a APP
Confidence
97% confidence
Finding
printenv CLAWDBOT_GATEWAY_TOKEN

External Script Fetching

High
Category
Supply Chain
Content
## Prerequisites

Before starting:
- Fly.io CLI installed (`brew install flyctl` or `curl -L https://fly.io/install.sh | sh`)
- Fly.io account and logged in (`fly auth login`)
- Anthropic API key (and optionally OpenAI API key)
- Git installed
Confidence
91% confidence
Finding
curl -L https://fly.io/install.sh | sh

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.