linkfox-1688-procurement

Pass

Audited by Gen Agent Trust Hub on Jul 16, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: All network operations are directed to official vendor-controlled domains (tool-gateway.linkfox.com, skill-api.linkfox.com, and agent-files.linkfox.com) for API interactions and necessary support downloads.
  • [SAFE]: The skill implements a local redact function in _alibaba1688_common.py that strips sensitive information (API keys, JWTs, tokens, and secrets) from any data written to the local filesystem for logging or caching purposes.
  • [SAFE]: High-risk operations such as order creation, payment retrieval, and cancellation are protected by mandatory confirmation logic. These scripts verify specific boolean flags in the payload that must be explicitly set after user confirmation, preventing unauthorized or accidental execution.
  • [SAFE]: Authentication is managed securely through environment variables (LINKFOX_AGENT_API_KEY), avoiding hardcoded credentials and following recommended security practices for identity management.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 16, 2026, 08:08 AM