linkfox-shopee-store-add-on-deal
Pass
Audited by Gen Agent Trust Hub on Jul 16, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill performs a local dependency check by executing a helper script (
check_auth_dependency.py) via the Python interpreter. This operation is limited to verifying the presence of the required authentication skill and does not execute arbitrary shell commands. - [EXTERNAL_DOWNLOADS]: The scripts interact with vendor-owned infrastructure at
tool-gateway.linkfox.comto proxy Shopee API requests. Documentation and onboarding resources are also referenced from vendor domains such asagent-files.linkfox.comandskill.linkfox.com. - [DATA_EXFILTRATION]: API response data, which may include session-specific access tokens and store configurations, is saved to the local workspace in a structured directory (
linkfox/). This allows the agent to process data locally and maintain session history without sending data to unauthorized third parties. - [CREDENTIALS_UNSAFE]: The skill retrieves the required API keys from environment variables (
LINKFOX_AGENT_API_KEY) and does not contain hardcoded credentials. These keys are transmitted over encrypted HTTPS connections to the authorized gateway.
Audit Metadata