fizzy.do - have your agent read, understand and update your fizzy.do boards

Pass. Audited by VirusTotal on May 13, 2026.

Overview

Type: OpenClaw Skill
Name: fizzy-cli
Version: 1.0.0

The skill bundle describes the usage of a `fizzy-cli` tool for managing kanban boards. The `SKILL.md` provides clear instructions for authentication, configuration, and CRUD operations. It mentions using environment variables for tokens and allows uploading local files (e.g., `--image ./hero.png`), which is a standard feature for such a tool. There is no evidence of prompt injection attempts, malicious execution, data exfiltration beyond the tool's stated purpose, persistence mechanisms, or obfuscation. All commands and instructions are aligned with the stated purpose of interacting with a Fizzy kanban board.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An agent using these commands could change or delete Fizzy project data if the user requests or permits those actions.

Why it was flagged

The skill includes commands that can delete or modify Fizzy resources. This is consistent with the stated purpose, but incorrect IDs or unintended use could affect the user's boards.

Skill content

Delete: `fizzy-cli board delete <board-id>`

Recommendation

Confirm board/card IDs and intended changes before running update or delete commands, especially in shared or business workspaces.

What this means

Whoever or whatever runs the CLI with the configured token can act within the permissions of that Fizzy account.

Why it was flagged

The skill uses Fizzy authentication and account configuration. That access is expected for managing Fizzy resources, but it gives the CLI authority over the authenticated account.

Skill content

`fizzy-cli auth login --token $FIZZY_TOKEN` ... Env vars: `FIZZY_BASE_URL`, `FIZZY_TOKEN`, `FIZZY_ACCOUNT`, `FIZZY_CONFIG`.

Recommendation

Use the least-privileged Fizzy token/account available and avoid exposing `FIZZY_TOKEN` in logs, shared shells, or transcripts.

What this means

Users need to independently ensure the `fizzy-cli` executable on their system is the intended trusted tool.

Why it was flagged

The supplied artifacts do not identify where `fizzy-cli` should come from or declare it as a required binary, even though the skill instructions depend on that external command.

Skill content

Source: unknown; Homepage: none; Required binaries (all must exist): none; No install spec — this is an instruction-only skill.

Recommendation

Install `fizzy-cli` only from an official or trusted source and verify which executable is on PATH before granting it account access.