linkfox-shopee-store-ams

Pass

Audited by Gen Agent Trust Hub on Jul 16, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes a local dependency checker script (check_auth_dependency.py) using subprocess.run. This is used to verify that the required authentication skill is installed. The command uses a direct path and the current Python executable, following safe execution patterns.
  • [DATA_EXFILTRATION]: The skill transmits request data and authentication tokens to vendor-owned endpoints (tool-gateway.linkfox.com and skill-api.linkfox.com). This communication is the intended mechanism for proxying requests to Shopee's Open API and providing skill feedback.
  • [EXTERNAL_DOWNLOADS]: The instructions reference an onboarding package available for download from agent-files.linkfox.com. This is a vendor-provided resource for initial environment setup.
  • [CREDENTIALS_UNSAFE]: API keys are retrieved from environment variables (LINKFOX_AGENT_API_KEY), which is the standard and recommended practice for avoiding hardcoded secrets in skill scripts.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 16, 2026, 08:08 AM