linkfox-amazon-store-catalog
Pass
Audited by Gen Agent Trust Hub on Jul 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONCREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
subprocess.runwithin_spapi_catalog_common.pyto execute a local helper script (check_auth_dependency.py). This is a legitimate internal operation used to ensure thelinkfox-amazon-store-authskill is installed and accessible. - [DATA_EXFILTRATION]: The scripts communicate with the vendor's API gateway at
https://tool-gateway.linkfox.comto proxy requests to Amazon's SP-API. This is required for the skill's primary functionality. - [CREDENTIALS_UNSAFE]: The skill accesses API keys stored in environment variables (
LINKFOX_AGENT_API_KEYorLINKFOXAGENT_API_KEY) to authenticate requests sent to the gateway. This is a standard practice for secure credential management in CLI tools.
Audit Metadata