linkfox-shopee-store-follow-prize

Pass

Audited by Gen Agent Trust Hub on Jul 16, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill communicates with official LinkFox API endpoints (tool-gateway.linkfox.com, skill-api.linkfox.com) to proxy Shopee API calls and handle feedback. These resources are owned by the skill vendor.
  • [SAFE]: Environment variables like LINKFOX_AGENT_API_KEY are used for standard authentication with the vendor's infrastructure as described in the documentation.
  • [COMMAND_EXECUTION]: The script _shopee_follow_prize_common.py uses subprocess.run to execute the internal check_auth_dependency.py script. The execution is restricted to the local Python interpreter and a specific file within the skill's own directory, posing no risk of arbitrary command injection.
  • [EXTERNAL_DOWNLOADS]: The SKILL.md instructions guide the user to download an onboarding skill from the vendor's official domain (agent-files.linkfox.com) if it is not already present. This is a legitimate workflow for managing skill dependencies within the LinkFox ecosystem.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 16, 2026, 08:08 AM