← Back to Skills Marketplace
justinburdett

Fly.io CLI

by justinburdett · GitHub ↗ · v1.0.3
cross-platform ⚠ suspicious
2589
Downloads
1
Stars
5
Active Installs
4
Versions
Install in OpenClaw
/install flyio-cli
Description
Use the Fly.io flyctl CLI for deploying and operating apps on Fly.io. Default to read-only diagnostics (status/logs/config/releases). Only perform state-changing operations (deploys, SSH exec, secrets, scaling, machines, volumes, Postgres changes) with explicit user approval. Use when asked to deploy to Fly.io, debug fly deploy/build/runtime failures, set up GitHub Actions deploys/previews, or safely manage Fly apps and Postgres.
README (SKILL.md)

Fly.io (flyctl) CLI

Operate Fly.io apps safely and repeatably with flyctl.

Defaults / safety

  • Prefer read-only commands first: fly status, fly logs, fly config show, fly releases, fly secrets list.
  • Do not edit/modify Fly.io apps, machines, secrets, volumes, or databases without your human’s explicit approval.
    • Read-only actions are OK without approval.
    • Destructive actions (destroy/drop) always require explicit approval.
  • When debugging builds, capture the exact error output and determine whether it’s a:
    • build/packaging issue (Dockerfile, Gemfile.lock platforms, assets precompile)
    • runtime issue (secrets, DB, migrations)
    • platform issue (regions, machines, health checks)

Quick start (typical deploy)

From the app repo directory:

  1. Confirm which app you’re targeting
  • fly app list
  • fly status -a \x3Capp>
  • Check fly.toml for app = "..."
  1. Validate / inspect (read-only)
  • fly status -a \x3Capp>
  • fly logs -a \x3Capp>
  • fly config show -a \x3Capp>

(Deploys are in High-risk operations below and require explicit user approval.)

Debugging deploy/build failures

Common checks

  • fly deploy --verbose (more build logs)
  • If using Dockerfile builds: verify Dockerfile Ruby/version and Gemfile.lock platforms match your builder OS/arch.

Rails + Docker + native gems (nokogiri, pg, etc.)

Symptoms: Bundler can’t find a platform gem like nokogiri-…-x86_64-linux during build.

Fix pattern:

  • Ensure Gemfile.lock includes the Linux platform used by Fly’s builder (usually x86_64-linux).
    • Example: bundle lock --add-platform x86_64-linux
  • Ensure Dockerfile’s Ruby version matches .ruby-version.

(See references/rails-docker-builds.md.)

Logs & config (read-only)

  • Stream logs:
    • fly logs -a \x3Capp>
  • Show config:
    • fly config show -a \x3Capp>
  • List secrets (names only):
    • fly secrets list -a \x3Capp>

High-risk operations (ask first)

These commands can execute arbitrary code on servers or mutate production state. Only run them when the user explicitly asks you to.

  • Deploy:
    • fly deploy / fly deploy --remote-only
  • SSH exec / console:
    • fly ssh console -a \x3Capp> -C "\x3Ccommand>"
  • Secrets changes:
    • fly secrets set -a \x3Capp> KEY=value

See references/safety.md.

Fly Postgres basics

Identify the Postgres app

  • fly postgres list

Attach Postgres to an app

  • fly postgres attach \x3Cpg-app> -a \x3Capp>

Create a database inside the cluster

  • fly postgres db create \x3Cdb_name> -a \x3Cpg-app>
  • fly postgres db list -a \x3Cpg-app>

Connect (psql)

  • fly postgres connect -a \x3Cpg-app>

GitHub Actions deploys / previews

  • For production CD: use Fly’s GitHub Action (superfly/flyctl-actions/setup-flyctl) and run flyctl deploy.
  • For PR previews:
    • Prefer one preview app per PR and one database per PR inside a shared Fly Postgres cluster.
    • Automate create/deploy/comment on PR; destroy on close.

(See references/github-actions.md.)

Bundled resources

  • references/safety.md: safety rules (read-only by default; ask before mutating state).
  • references/rails-docker-builds.md: Rails/Docker/Fly build failure patterns + fixes.
  • references/github-actions.md: Fly deploy + preview workflows.
  • scripts/fly_app_from_toml.sh: tiny helper to print the Fly app name from fly.toml (shell-only; no ruby).
Usage Guidance
This skill appears to be what it says (a Fly.io CLI helper) and the instructions are careful about requiring approval for destructive actions, but two practical inconsistencies deserve attention before you install or grant it runtime privileges: (1) ensure the host environment has the flyctl CLI available (or update the skill metadata to declare it), and (2) confirm how Fly credentials (FLY_API_TOKEN or local fly auth) will be provided — the SKILL.md references tokens but the skill metadata doesn't declare any required env vars. If you plan to allow state-changing operations, require an explicit confirmation step in your agent and avoid supplying broad credentials (use a token with minimal scope or ephemeral tokens). If you don't want the agent to ever mutate production state, restrict it to read-only operations or deny approval prompts by default.
Capability Analysis
Type: OpenClaw Skill Name: flyio-cli Version: 1.0.3 The skill bundle is designed with strong safety measures. The `SKILL.md` explicitly instructs the AI agent to default to read-only operations and requires explicit user approval for any state-changing or high-risk commands (e.g., `fly deploy`, `fly ssh console`, `fly secrets set`). The `scripts/fly_app_from_toml.sh` is a simple, local bash script to parse `fly.toml` for an app name, which is a benign utility function. There is no evidence of data exfiltration, malicious execution, persistence, prompt injection attempts to bypass safety, or obfuscation.
Capability Assessment
Purpose & Capability
The SKILL.md clearly expects the flyctl CLI to be available (examples use `fly`, `fly deploy`, `fly secrets list`, etc.), and the references mention the FLY_API_TOKEN secret for GitHub Actions. However, the skill metadata declares no required binaries and no required environment variables. This mismatch (an orchestration skill that does not declare the CLI it needs or the token it references) is an incoherence that should be resolved.
Instruction Scope
The SKILL.md stays within the stated purpose: it documents read-only diagnostics and explicitly requires human approval for state-changing operations (deploy, SSH exec, secrets, DB changes). It references reading repo files (fly.toml) and includes a small helper script for that purpose; those file accesses match the stated tasks. There are no instructions to collect or exfiltrate unrelated host data or to send data to unexpected external endpoints.
Install Mechanism
This is an instruction-only skill with no install spec. That lowers risk because nothing is fetched or written during install. The included script is a simple, readable shell helper and does not perform network calls or obfuscated behavior.
Credentials
Operational flow clearly relies on credentials in practice (e.g., FLY_API_TOKEN for CI / GitHub Actions and likely a Fly API token or local `fly` authenticated user for state-changing commands), yet the skill metadata lists no required environment variables or primary credential. The references also mention DATABASE_URL for previews. Requesting no env vars while instructing commands that require authentication is inconsistent and could lead to accidental unauthorized attempts or unclear UX about where credentials come from.
Persistence & Privilege
The skill does not request always: true and is user-invocable only by default. It does not attempt to modify other skill configs or require persistent presence. Autonomous invocation is allowed (default), which is expected for skills; this is not combined with any other high-risk attributes here.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install flyio-cli
  3. After installation, invoke the skill by name or use /flyio-cli
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.3
- Updated documentation to clarify that state-changing operations require explicit approval from "your human" instead of a specific individual. - No code or file changes; documentation wording only.
v1.0.2
- Renamed skill to "flyio-cli" and updated description to emphasize read-only diagnostics by default. - Stronger focus on safety: clarify that all state-changing operations (deploys, exec, secrets, scaling, databases) require explicit user approval. - Consolidated and re-organized commands: split clear sections between diagnostics (read-only) and high-risk operations (modifies state). - Added reference to new safety guidelines: `references/safety.md`. - Provided clearer guidance on when and how to run deploys, SSH exec, and other mutations. - Minor updates to command examples and bundled resources for clarity and safety.
v1.0.1
- Added a concise "Common tasks" section summarizing day-to-day flyctl CLI usage. - Streamlined safety guidance for state-changing and destructive actions. - Clarified instructions for GitHub Actions deploys, referencing preferred `fly deploy --remote-only` usage. - Reduced overall verbosity and reorganized content for easier scanning. - No functional CLI changes; documentation improvements only.
v1.0.0
Initial release of flyio-cli-public. - Provides guidance and safe workflows for deploying and managing Fly.io apps using the flyctl CLI. - Emphasizes read-only operations by default; commands that change state require explicit user approval. - Includes troubleshooting steps for common build and deploy failures, including detailed Rails/Docker advice. - Documents usage for logs, SSH, secrets/config, scaling, volumes, and Fly Postgres management. - Offers best practices for integrating Fly deploys with GitHub Actions and PR previews. - Bundles reference materials and helper scripts for streamlined development and debugging.
Metadata
Slug flyio-cli
Version 1.0.3
License
All-time Installs 5
Active Installs 5
Total Versions 4
Frequently Asked Questions

What is Fly.io CLI?

Use the Fly.io flyctl CLI for deploying and operating apps on Fly.io. Default to read-only diagnostics (status/logs/config/releases). Only perform state-changing operations (deploys, SSH exec, secrets, scaling, machines, volumes, Postgres changes) with explicit user approval. Use when asked to deploy to Fly.io, debug fly deploy/build/runtime failures, set up GitHub Actions deploys/previews, or safely manage Fly apps and Postgres. It is an AI Agent Skill for Claude Code / OpenClaw, with 2589 downloads so far.

How do I install Fly.io CLI?

Run "/install flyio-cli" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Fly.io CLI free?

Yes, Fly.io CLI is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Fly.io CLI support?

Fly.io CLI is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Fly.io CLI?

It is built and maintained by justinburdett (@justinburdett); the current version is v1.0.3.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments