linkfox-shopee-store-product
Warn
Audited by Socket on Jul 16, 2026
1 alert found:
SecuritySecuritySKILL.md
MEDIUMSecurityMEDIUM
SKILL.md
SUSPICIOUS. The product-management purpose broadly matches the API actions, but the trust and data-flow model is not clean: token-backed Shopee operations are routed through LinkFox and an additional proxy instead of official Shopee endpoints, all responses are force-written locally, and the skill can trigger transitive installation of another skill from a remote ZIP. This is not confirmed malware, but it is a high-risk integration pattern with disproportionate intermediary access and supply-chain concerns.
Confidence: 86%Severity: 78%
Audit Metadata