Back to skill

Security audit

Fly.io CLI

Security checks across malware telemetry and agentic risk

Overview

This skill is a transparent Fly.io helper that defaults to read-only checks and clearly requires user approval before changing cloud resources.

Install this only if you want an agent to help operate Fly.io resources. Before approving any deploy, SSH command, secret change, scaling action, volume, database, or app-destroy operation, confirm the target app, account, command, and expected impact; keep FLY_API_TOKEN protected and least-privileged where possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Unrestricted Tool Access

Medium
Category
Excessive Agency
Content
## High-risk operations (ask first)

These commands can execute arbitrary code on servers or mutate production state.
Only run them when the user explicitly asks you to.

- Deploy:
Confidence
80% confidence
Finding
execute arbitrary code

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
- Prefer **read-only** commands first: `fly status`, `fly logs`, `fly config show`, `fly releases`, `fly secrets list`.
- **Do not edit/modify Fly.io apps, machines, secrets, volumes, or databases without your human’s explicit approval.**
  - Read-only actions are OK without approval.
  - Destructive actions (destroy/drop) always require explicit approval.
- When debugging builds, capture the exact error output and determine whether it’s a:
  - build/packaging issue (Dockerfile, Gemfile.lock platforms, assets precompile)
Confidence
75% confidence
Finding
without approval

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
# Safety policy

- Read-only Fly.io actions are allowed without asking.
- Any action that edits/modifies Fly.io state requires your human’s explicit approval.
  - Examples: deploys, scaling, secrets set/unset, volume/db create/drop, app destroy.
Confidence
22% confidence
Finding
without asking

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.