linkfox-shopee-store-add-on-deal

Pass

Audited by Gen Agent Trust Hub on Jul 16, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs a local dependency check by executing a helper script (check_auth_dependency.py) via the Python interpreter. This operation is limited to verifying the presence of the required authentication skill and does not execute arbitrary shell commands.
  • [EXTERNAL_DOWNLOADS]: The scripts interact with vendor-owned infrastructure at tool-gateway.linkfox.com to proxy Shopee API requests. Documentation and onboarding resources are also referenced from vendor domains such as agent-files.linkfox.com and skill.linkfox.com.
  • [DATA_EXFILTRATION]: API response data, which may include session-specific access tokens and store configurations, is saved to the local workspace in a structured directory (linkfox/). This allows the agent to process data locally and maintain session history without sending data to unauthorized third parties.
  • [CREDENTIALS_UNSAFE]: The skill retrieves the required API keys from environment variables (LINKFOX_AGENT_API_KEY) and does not contain hardcoded credentials. These keys are transmitted over encrypted HTTPS connections to the authorized gateway.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 16, 2026, 08:08 AM