Fast.io
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: fast-io Version: 1.185.0 The fast-io skill bundle provides a comprehensive and well-documented set of 19 tools for an AI agent to interact with the Fast.io platform, which facilitates shared workspaces, file management, and AI-powered collaboration. The SKILL.md and REFERENCE.md files provide extensive instructions on authentication (API keys, PKCE, 2FA), file operations (including a high-performance blob upload sidecar), AI-driven RAG chat, and workflow management (tasks, approvals, worklogs). While the tools grant the agent broad capabilities such as network access to fast.io and file manipulation, these actions are strictly aligned with the stated purpose of the service. The documentation encourages transparency through worklogs and provides clear guidance on security and resource management. No evidence of malicious intent, unauthorized data exfiltration, or prompt injection was found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent receives a human user's API key, it can act with that user's Fast.io permissions.
This shows the integration can operate with the user's Fast.io account-level permissions, including managing files and shares.
The API key has the same permissions as the human user, so you can manage their workspaces, shares, and files directly.
Use a dedicated agent account or limited organization/workspace membership where possible, and revoke API keys or admin access when the task is finished.
An agent may be able to create or manage workspaces, shares, uploads, workflow items, and other Fast.io resources.
The tool surface is broad and can perform many authenticated Fast.io actions; this is expected for a full platform integration but should be used carefully.
This MCP server exposes 19 consolidated tools that cover the full Fast.io REST API surface. Every authenticated API endpoint has a corresponding tool action
Require clear user confirmation for public sharing, ownership transfer, billing/upgrade actions, or other high-impact changes.
The agent may follow live instructions supplied by Fast.io's remote MCP server.
Some instructions and tool behavior come from the remote Fast.io MCP server rather than the local skill files, so they can change outside this static review.
MCP-connected agents receive comprehensive workflow guidance through SERVER_INSTRUCTIONS at connection time
Connect only to the official Fast.io endpoint, review provider trust and account permissions, and monitor high-impact actions.
Uploaded workspace documents may be analyzed and made queryable through Fast.io AI features.
Workspace documents may be processed into an AI-searchable index; this is core functionality but can include sensitive or collaborator-provided content.
Enable intelligence on a workspace and documents are automatically indexed, summarized, and queryable
Avoid enabling intelligence on confidential workspaces unless approved, and treat AI answers from shared or user-uploaded documents as potentially influenced by those documents.
Files, comments, and workflow context may be visible to other invited users or agents depending on permissions.
The service is designed for shared agent-human workspaces, so data boundaries depend on workspace and share permissions.
Workspaces where agents and humans collaborate with file preview, versioning, and AI
Review workspace membership, share access settings, passwords, and expiration before placing sensitive data in shared workspaces.