ClawHub

Fast.io

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This Fast.io skill is transparent about its purpose, but it gives agents broad authenticated control over Fast.io files, organizations, billing, and raw API calls, so it needs careful review before use.

Install only if you intend to let an agent manage Fast.io workspaces and account resources. Prefer scoped OAuth or scoped API keys, avoid full-account unscoped keys, and require explicit human approval before billing changes, ownership transfer, account/org closure, file purge, bulk deletion, or any use of the generic execute tool for write/delete requests.

SkillSpector (3)

By NVIDIA

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The code-mode section exposes a generic authenticated `execute` tool that can invoke arbitrary Fast.io REST endpoints, substantially expanding capability beyond the collaboration-focused skill surface. This weakens least-privilege boundaries and enables prompt-influenced agents to perform unreviewed sensitive actions, including endpoints not covered by safer curated tools.

Intent-Code Divergence

Medium
Confidence
91% confidence
Finding
The guide first instructs agents that all API access must go through MCP tools, but later authorizes direct REST access via `execute` and even direct uncovered REST flows. This contradiction creates unsafe fallback behavior where agents may bypass the safer tool abstraction, audit expectations, and action-level constraints.

Missing User Warnings

Medium
Confidence
76% confidence
Finding
The skill documents many destructive and irreversible operations, but the warning requirement is inconsistent and partly advisory. In an agent setting, weak confirmation patterns increase the chance of prompt-driven accidental deletion, purge, transfer, or billing changes without clear user intent.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal