linkfox-shopee-store-ams
Pass
Audited by Gen Agent Trust Hub on Jul 16, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes a local dependency checker script (
check_auth_dependency.py) usingsubprocess.run. This is used to verify that the required authentication skill is installed. The command uses a direct path and the current Python executable, following safe execution patterns. - [DATA_EXFILTRATION]: The skill transmits request data and authentication tokens to vendor-owned endpoints (
tool-gateway.linkfox.comandskill-api.linkfox.com). This communication is the intended mechanism for proxying requests to Shopee's Open API and providing skill feedback. - [EXTERNAL_DOWNLOADS]: The instructions reference an onboarding package available for download from
agent-files.linkfox.com. This is a vendor-provided resource for initial environment setup. - [CREDENTIALS_UNSAFE]: API keys are retrieved from environment variables (
LINKFOX_AGENT_API_KEY), which is the standard and recommended practice for avoiding hardcoded secrets in skill scripts.
Audit Metadata