Fast.io
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent receives a human user's API key, it can act with that user's Fast.io permissions.
This shows the integration can operate with the user's Fast.io account-level permissions, including managing files and shares.
The API key has the same permissions as the human user, so you can manage their workspaces, shares, and files directly.
Use a dedicated agent account or limited organization/workspace membership where possible, and revoke API keys or admin access when the task is finished.
An agent may be able to create or manage workspaces, shares, uploads, workflow items, and other Fast.io resources.
The tool surface is broad and can perform many authenticated Fast.io actions; this is expected for a full platform integration but should be used carefully.
This MCP server exposes 19 consolidated tools that cover the full Fast.io REST API surface. Every authenticated API endpoint has a corresponding tool action
Require clear user confirmation for public sharing, ownership transfer, billing/upgrade actions, or other high-impact changes.
The agent may follow live instructions supplied by Fast.io's remote MCP server.
Some instructions and tool behavior come from the remote Fast.io MCP server rather than the local skill files, so they can change outside this static review.
MCP-connected agents receive comprehensive workflow guidance through SERVER_INSTRUCTIONS at connection time
Connect only to the official Fast.io endpoint, review provider trust and account permissions, and monitor high-impact actions.
Uploaded workspace documents may be analyzed and made queryable through Fast.io AI features.
Workspace documents may be processed into an AI-searchable index; this is core functionality but can include sensitive or collaborator-provided content.
Enable intelligence on a workspace and documents are automatically indexed, summarized, and queryable
Avoid enabling intelligence on confidential workspaces unless approved, and treat AI answers from shared or user-uploaded documents as potentially influenced by those documents.
Files, comments, and workflow context may be visible to other invited users or agents depending on permissions.
The service is designed for shared agent-human workspaces, so data boundaries depend on workspace and share permissions.
Workspaces where agents and humans collaborate with file preview, versioning, and AI
Review workspace membership, share access settings, passwords, and expiration before placing sensitive data in shared workspaces.