sendfox
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a CLI for the SendFox API using the Effect framework and Bun. Analysis of the source code confirms it performs legitimate API operations (CRUD on contacts, lists, and campaigns).
- [SAFE]: Authentication is handled correctly by using the
SENDFOX_API_TOKENenvironment variable. The skill documentation explicitly warns against hardcoding tokens and provides instructions for secure configuration. - [SAFE]: Network activity is restricted to the official SendFox API endpoint (
api.sendfox.com). No suspicious secondary network calls or data exfiltration patterns were found. - [SAFE]: The installation and build scripts (
build.sh,install.sh) perform standard build tasks such as dependency installation via Bun and binary compilation. These actions are transparent and necessary for the tool's functionality. - [SAFE]: Form generation templates in the
assets/directory include prominent security warnings to prevent users from exposing their API tokens in client-side code, demonstrating a security-conscious design.
Audit Metadata