Checkly Cli Skills

Pass

Audited by ClawScan on May 1, 2026.

Overview

This appears to be a purpose-aligned Checkly CLI reference skill, but users should review its credential, deployment, and cloud-syncing workflows before using it.

This skill is suitable for Checkly CLI automation, but only install and use it if you are comfortable giving the agent Checkly API credentials and letting it prepare deployment commands. Review generated checks before deployment, avoid --force except in protected CI/CD, use dedicated least-privilege API keys, and use sandbox/test credentials for login or purchase-flow monitoring.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the agent is given these credentials, it may be able to test, create, update, or deploy Checkly monitoring resources for the configured account.

Why it was flagged

The skill instructs users to provide Checkly API credentials, including read/write credentials for deployment workflows.

Skill content

Permissions: Read/Write (for deploy) ... CHECKLY_API_KEY ... CHECKLY_ACCOUNT_ID

Recommendation

Use a dedicated Checkly API key with the minimum permissions needed, store it as a secret, and rotate or revoke it if no longer needed.

What this means

Running the force deploy command in the wrong project or account could change monitoring checks without a final manual confirmation.

Why it was flagged

The deploy workflow includes a no-confirm mode that can create or update cloud monitoring resources without an interactive approval prompt.

Skill content

npx checkly deploy --force ... No confirmation prompt ... Useful for automated pipelines

Recommendation

Prefer preview or interactive deployment locally, and reserve --force for reviewed CI/CD workflows with the correct account and branch protections.

What this means

Using npx or global npm installation may execute package code from npm on the user's machine.

Why it was flagged

The skill relies on npm/npx-based Checkly CLI installation and execution, which is expected for the Checkly CLI but still depends on the npm package supply chain.

Skill content

npm create checkly@latest ... npm install -g checkly ... npx checkly --help

Recommendation

Use the official Checkly package, pin versions in CI when practical, and review npm lockfiles or dependency updates for production workflows.

What this means

Secrets used in checks may be sent to and managed by Checkly, and could be exposed if configured incorrectly or used with overly broad test accounts.

Why it was flagged

The examples show secrets being configured as Checkly environment variables, which may be stored or used by the Checkly cloud service as part of deployed checks.

Skill content

{ key: 'API_KEY', value: process.env.API_KEY!, locked: true }

Recommendation

Use locked environment variables, avoid embedding secrets in code, use test-only credentials, and confirm which variables are deployed to Checkly.

What this means

If adapted carelessly, an automated browser check could create real orders or transactions.

Why it was flagged

The browser-check examples include an e-commerce checkout flow that submits an order, which is a legitimate synthetic monitoring pattern but can be high impact if aimed at a real production checkout.

Skill content

test('complete purchase flow' ... await page.click('button[type="submit"]') ... Verify success

Recommendation

Run purchase-flow checks only against sandbox environments or test products, use test payment methods, and add safeguards to prevent real charges.