linkfox-shopee-store-product
Pass
Audited by Gen Agent Trust Hub on Jul 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The script
_shopee_product_common.pyutilizessubprocess.runto execute a local dependency checker,check_auth_dependency.py. This is a legitimate use of command execution to verify that the prerequisitelinkfox-shopee-store-authskill is installed and accessible in the agent's environment. - [EXTERNAL_DOWNLOADS]: The
SKILL.mdfile includes instructions to download an onboarding skill from the vendor's official domain (https://agent-files.linkfox.com/skills/linkfox-onboarding/release.zip) if technical issues like quota exhaustion or authentication failures occur. This download facilitates troubleshooting and is hosted on the vendor's own infrastructure. - [DATA_EXFILTRATION]: The skill communicates with the vendor's tool gateway at
https://tool-gateway.linkfox.comand a feedback endpoint athttps://skill-api.linkfox.com. While it transmits the user's API key for authorization, this is done solely to authenticate the requests being proxied to the Shopee API, which is the primary and stated purpose of the skill.
Audit Metadata