linkfox-shopee-store-livestream

Pass

Audited by Gen Agent Trust Hub on Jul 16, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The script _shopee_livestream_common.py uses subprocess.run to execute a local dependency checker script (check_auth_dependency.py). This is a routine operation to ensure required companion skills are installed before proceeding.
  • [EXTERNAL_DOWNLOADS]: The SKILL.md file provides instructions to download a missing onboarding skill from agent-files.linkfox.com. This is a vendor-owned domain used for distribution of legitimate skill components.
  • [DATA_EXFILTRATION]: Network requests are sent to tool-gateway.linkfox.com and shopee/developerProxy. These endpoints are used to proxy Shopee API calls and manage authentication tokens. This behavior is consistent with the skill's documented purpose of interacting with the Shopee platform.
  • [CREDENTIALS_UNSAFE]: The skill retrieves API keys from environment variables (LINKFOX_AGENT_API_KEY, LINKFOXAGENT_API_KEY). This is a standard practice for managing secrets in agent environments and does not involve hardcoded credentials.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 16, 2026, 08:08 AM