ClawHub

Fly

v1.0.0

Deploy and manage Fly.io apps via CLI - apps, machines, volumes, secrets, certificates. Use when user mentions 'fly', 'flyctl', 'fly.io', or wants to deploy...

0· 273·1 current·1 all-time
byMelvyn@melvynx
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name and description (manage Fly.io via flyctl) match the SKILL.md content: commands for apps, deploys, machines, volumes, secrets, certs, SSH, and proxy are directly relevant.
Instruction Scope
SKILL.md stays within the Fly.io/CLI domain and does not request unrelated files or credentials. It does instruct use of SSH/proxy and running arbitrary flyctl commands (e.g., fly ssh console), which is expected for this purpose but grants the agent capability to run arbitrary commands on apps once authenticated.
Install Mechanism
No install spec in the registry (instruction-only), but SKILL.md recommends installing flyctl via Homebrew or by piping https://fly.io/install.sh into sh. The fly.io URL is the official domain (expected), but curl | sh is a higher-risk pattern because it executes a remote script without local inspection.
Credentials
The skill declares no required env vars or credentials. It does instruct the agent/user to run 'fly auth login' which will create auth state/tokens for flyctl — this is expected and proportional to the stated functionality.
Persistence & Privilege
always is false and autonomous invocation is the platform default. The skill does not request persistent system-wide privileges or modify other skills' configurations.
Assessment
This skill appears to be a straightforward flyctl command reference and is internally consistent. Before installing/using it: (1) Prefer installing flyctl via your package manager (brew/apt) instead of running curl | sh; (2) Be aware the skill instructs running 'fly auth login' — that creates and stores Fly.io credentials/tokens on the machine; (3) The skill enables commands that can be destructive (apps destroy, volumes destroy, secrets set/unset, ssh console), so require confirmation before executing destructive operations and avoid giving the agent blanket autonomous rights if you don't trust it; (4) If you want tighter control, install flyctl yourself and only allow the skill to suggest commands rather than execute them automatically.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bm16n2efpzcqxyx8w85s99n82mqpw

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments