linkfox-shopee-store-follow-prize
Pass
Audited by Gen Agent Trust Hub on Jul 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill communicates with official LinkFox API endpoints (tool-gateway.linkfox.com, skill-api.linkfox.com) to proxy Shopee API calls and handle feedback. These resources are owned by the skill vendor.
- [SAFE]: Environment variables like
LINKFOX_AGENT_API_KEYare used for standard authentication with the vendor's infrastructure as described in the documentation. - [COMMAND_EXECUTION]: The script
_shopee_follow_prize_common.pyusessubprocess.runto execute the internalcheck_auth_dependency.pyscript. The execution is restricted to the local Python interpreter and a specific file within the skill's own directory, posing no risk of arbitrary command injection. - [EXTERNAL_DOWNLOADS]: The
SKILL.mdinstructions guide the user to download an onboarding skill from the vendor's official domain (agent-files.linkfox.com) if it is not already present. This is a legitimate workflow for managing skill dependencies within the LinkFox ecosystem.
Audit Metadata