Flyio

Warn

Audited by ClawScan on May 10, 2026.

Overview

The skill is a coherent Fly.io integration, but it exposes high-impact create, update, delete, and secret-management actions without documented confirmation or scope limits.

Review this skill before installing. Only connect the intended Fly.io organization, use least-privilege credentials, and require explicit confirmation before any action that creates, updates, deletes, starts/stops/restarts machines, or manages secrets. Consider pinning the Membrane CLI version instead of installing `@latest`.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An agent using this skill could change or delete Fly.io infrastructure, volumes, machines, apps, or secrets if it runs the wrong action.

Why it was flagged

The skill documents generic execution of high-impact Fly.io operations, including destructive resource deletion and secret management, without explicit confirmation or scoping requirements.

Skill content

Popular actions include "Set Secret", "Delete App — Delete an app and all its resources", "Delete Machine — Destroy a machine", and "Delete Volume — Destroy a volume"; actions are run with `membrane action run <actionId> --connectionId=CONNECTION_ID --json`.

Recommendation

Require explicit user approval for create, update, delete, start/stop/restart, and secret-management actions; restrict use to the intended organization/app; and prefer read-only actions unless the user specifically requests a change.

What this means

Connecting the skill may allow the agent, through Membrane, to access and manage Fly.io resources tied to the authenticated account.

Why it was flagged

The skill uses delegated Membrane/Fly.io authentication and ongoing credential refresh. This is expected for the integration, but it grants access to a cloud account.

Skill content

Membrane handles authentication and credentials refresh automatically ... `membrane login --tenant --clientName=<agentType>` ... `membrane connection ensure "https://fly.io/" --json`.

Recommendation

Use the least-privileged Fly.io account or organization possible, review the requested connection scopes during authentication, and revoke the connection when it is no longer needed.

What this means

A future CLI release could behave differently from the version reviewed here.

Why it was flagged

The setup uses a globally installed npm package at the moving `latest` tag. This is central to the skill's purpose, but the exact reviewed version is not pinned.

Skill content

`npm install -g @membranehq/cli@latest`

Recommendation

Install a specific reviewed version of the Membrane CLI where possible and verify the package source before use.