sendfox

SUSPICIOUS: the skill’s purpose and required SendFox token are broadly coherent, and no clear exfiltration endpoint is shown, but the install path depends on an unverifiable custom CLI built via local scripts with no official SendFox distribution evidence. Main risk is supply-chain and credential forwarding through opaque tooling, not confirmed malware.