Fly

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a straightforward Fly.io CLI guide, but it includes standard login and install steps along with powerful cloud-management commands that can alter or delete apps if run.

This skill appears coherent for Fly.io administration. Before installing or using it, make sure you trust the Fly.io CLI installer, log in to the intended Fly.io account, and require confirmation for destructive or sensitive actions such as deleting apps, destroying volumes or machines, changing secrets, or opening SSH/proxy sessions.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A mistaken or poorly reviewed command could remove an app, machine, volume, certificate, or other Fly.io resource.

Why it was flagged

The skill documents Fly.io CLI operations that can delete or change cloud resources. These commands are purpose-aligned for a Fly.io management skill, but they are high-impact if run on the wrong target.

Skill content

`fly apps destroy <name>` | Destroy an app
...
`fly volumes destroy <id>` | Destroy a volume
...
`fly machine destroy <id>` | Destroy a machine

Recommendation

Confirm app names, resource IDs, regions, and destructive actions before allowing the agent to run mutating Fly.io commands.

What this means

Commands may act with the privileges of the logged-in Fly.io account, including deployment, scaling, secrets management, and deletion where permitted.

Why it was flagged

The skill expects the user to authenticate the Fly.io CLI. This is necessary for deployment and management, but it gives commands access to the authenticated Fly.io account's permitted resources.

Skill content

fly auth login

Recommendation

Use the least-privileged Fly.io account or organization context available, and verify `fly auth whoami` before making changes.

What this means

Running the installer executes code from Fly.io on the local machine.

Why it was flagged

The Linux setup path downloads and executes a remote install script. This is a common CLI installation pattern and is disclosed, but it relies on trusting the remote installer.

Skill content

curl -L https://fly.io/install.sh | sh

Recommendation

Install from Fly.io's official documentation or package manager, review installer guidance, and avoid running the command if the source or network path is not trusted.