fizzy.do - have your agent read, understand and update your fizzy.do boards

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An agent using these commands could change or delete Fizzy project data if the user requests or permits those actions.

Why it was flagged

The skill includes commands that can delete or modify Fizzy resources. This is consistent with the stated purpose, but incorrect IDs or unintended use could affect the user's boards.

Skill content

Delete: `fizzy-cli board delete <board-id>`

Recommendation

Confirm board/card IDs and intended changes before running update or delete commands, especially in shared or business workspaces.

What this means

Whoever or whatever runs the CLI with the configured token can act within the permissions of that Fizzy account.

Why it was flagged

The skill uses Fizzy authentication and account configuration. That access is expected for managing Fizzy resources, but it gives the CLI authority over the authenticated account.

Skill content

`fizzy-cli auth login --token $FIZZY_TOKEN` ... Env vars: `FIZZY_BASE_URL`, `FIZZY_TOKEN`, `FIZZY_ACCOUNT`, `FIZZY_CONFIG`.

Recommendation

Use the least-privileged Fizzy token/account available and avoid exposing `FIZZY_TOKEN` in logs, shared shells, or transcripts.

What this means

Users need to independently ensure the `fizzy-cli` executable on their system is the intended trusted tool.

Why it was flagged

The supplied artifacts do not identify where `fizzy-cli` should come from or declare it as a required binary, even though the skill instructions depend on that external command.

Skill content

Source: unknown; Homepage: none; Required binaries (all must exist): none; No install spec — this is an instruction-only skill.

Recommendation

Install `fizzy-cli` only from an official or trusted source and verify which executable is on PATH before granting it account access.