linkfox-shopee-store-livestream
Pass
Audited by Gen Agent Trust Hub on Jul 16, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The script
_shopee_livestream_common.pyusessubprocess.runto execute a local dependency checker script (check_auth_dependency.py). This is a routine operation to ensure required companion skills are installed before proceeding. - [EXTERNAL_DOWNLOADS]: The
SKILL.mdfile provides instructions to download a missing onboarding skill fromagent-files.linkfox.com. This is a vendor-owned domain used for distribution of legitimate skill components. - [DATA_EXFILTRATION]: Network requests are sent to
tool-gateway.linkfox.comandshopee/developerProxy. These endpoints are used to proxy Shopee API calls and manage authentication tokens. This behavior is consistent with the skill's documented purpose of interacting with the Shopee platform. - [CREDENTIALS_UNSAFE]: The skill retrieves API keys from environment variables (
LINKFOX_AGENT_API_KEY,LINKFOXAGENT_API_KEY). This is a standard practice for managing secrets in agent environments and does not involve hardcoded credentials.
Audit Metadata