linkfox-shopee-store-product

Pass

Audited by Gen Agent Trust Hub on Jul 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The script _shopee_product_common.py utilizes subprocess.run to execute a local dependency checker, check_auth_dependency.py. This is a legitimate use of command execution to verify that the prerequisite linkfox-shopee-store-auth skill is installed and accessible in the agent's environment.
  • [EXTERNAL_DOWNLOADS]: The SKILL.md file includes instructions to download an onboarding skill from the vendor's official domain (https://agent-files.linkfox.com/skills/linkfox-onboarding/release.zip) if technical issues like quota exhaustion or authentication failures occur. This download facilitates troubleshooting and is hosted on the vendor's own infrastructure.
  • [DATA_EXFILTRATION]: The skill communicates with the vendor's tool gateway at https://tool-gateway.linkfox.com and a feedback endpoint at https://skill-api.linkfox.com. While it transmits the user's API key for authorization, this is done solely to authenticate the requests being proxied to the Shopee API, which is the primary and stated purpose of the skill.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 16, 2026, 08:08 AM