linkfox-shopee-store-merchant

Warn

Audited by Socket on Jul 16, 2026

1 alert found:

Security
SecurityMEDIUM
SKILL.md

SUSPICIOUS: the stated Shopee merchant-query purpose is plausible, but the actual footprint routes token-backed traffic through non-Shopee intermediary services, stores full results locally by default, and instructs transitive installation of another skill from a remote ZIP. This looks more like a managed gateway ecosystem than a minimal API skill; risk is elevated by proxying and skill-to-skill trust chaining, though there is not enough evidence here to call it malware.

Confidence: 82%Severity: 74%
Audit Metadata
Analyzed At
Jul 16, 2026, 08:09 AM
Package URL
pkg:socket/skills-sh/linkfox-ai%2Flinkfox-skills%2Flinkfox-shopee-store-merchant%2F@b01d95d25c379d3e97fb1aa0d017dfd765f55b32ba24cdb1555fb8112dd4091b