FaxAgent-Skill

Review

Audited by ClawScan on May 10, 2026.

Overview

Prompt-injection indicators were detected in the submitted artifacts (unicode-control-chars); human review is required before treating this skill as clean.

Install only if you trust FaxAgent.ai and need fax automation. Confirm every recipient and document before submission, keep tokenized upload/payment/status links private, inspect optional shell commands before running them, and review the full normalized skill text because the provided artifact was truncated and had a control-character signal. ClawScan detected prompt-injection indicators (unicode-control-chars), so this skill requires review even though the model response was benign.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Using the skill can create a fax job and send selected document data to FaxAgent.ai.

Why it was flagged

The skill instructs the agent/user to create fax jobs and optionally upload a selected PDF to the provider. This is the core faxing purpose, and the workflow also says to confirm user intent and not auto-pay.

Skill content

CALL → POST https://faxagent.ai/api/submit-fax with JSON body ... Upload a PDF to the returned upload_url ... curl -sS -X POST "<UPLOAD_URL>"

Recommendation

Only submit after explicit user approval, verify the recipient fax number, and upload only the intended document.

What this means

Anyone with a full tokenized URL may be able to view or act on that fax workflow link.

Why it was flagged

FaxAgent job tokens and tokenized URLs provide access to upload, payment, preview, or status functions for a fax job. The skill correctly identifies them as sensitive and gives redaction guidance.

Skill content

The returned token is short-lived and tied to the fax job. ... Treat upload_url, pay_url, and status_url as sensitive URLs

Recommendation

Do not paste full tokenized URLs in public channels, logs, or shared transcripts unless the recipient needs access.

What this means

If the optional script is run, the fax token may appear in shell history or process listings depending on the environment.

Why it was flagged

The markdown includes an optional local shell polling script. It is user-directed and bounded, but it still involves running local shell commands and passing a token as an argument.

Skill content

Automated polling script (bash) ... bash poll-fax-status.sh <fax_id> <token> ... cat > poll-fax-status.sh <<'BASH'

Recommendation

Inspect scripts before running them and avoid exposing tokens in shared terminals, logs, or command history.

What this means

Users have less independent provenance information for verifying the skill author or service documentation.

Why it was flagged

The registry metadata does not provide source or homepage provenance. Because this is an instruction-only skill with disclosed endpoints, this is a transparency note rather than a security concern.

Skill content

Source: unknown; Homepage: none

Recommendation

Verify that FaxAgent.ai is the intended service before sending documents, payment, or personal information.

What this means

A reviewer or user could miss text if they view an unnormalized version of the file.

Why it was flagged

Unicode control characters can sometimes affect how text is displayed or reviewed. The supplied visible content does not show a harmful hidden instruction, so this remains a display-review note.

Skill content

Pre-scan injection signals ... unicode-control-chars ... "controlCharactersRemoved": 2

Recommendation

Review the normalized full SKILL.md text before installation or use.