linkfox-amazon-store-catalog

Pass

Audited by Gen Agent Trust Hub on Jul 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONCREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses subprocess.run within _spapi_catalog_common.py to execute a local helper script (check_auth_dependency.py). This is a legitimate internal operation used to ensure the linkfox-amazon-store-auth skill is installed and accessible.
  • [DATA_EXFILTRATION]: The scripts communicate with the vendor's API gateway at https://tool-gateway.linkfox.com to proxy requests to Amazon's SP-API. This is required for the skill's primary functionality.
  • [CREDENTIALS_UNSAFE]: The skill accesses API keys stored in environment variables (LINKFOX_AGENT_API_KEY or LINKFOXAGENT_API_KEY) to authenticate requests sent to the gateway. This is a standard practice for secure credential management in CLI tools.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 16, 2026, 08:08 AM