linkfox-shopee-store-product

Warn

Audited by Socket on Jul 16, 2026

1 alert found:

Security
SecurityMEDIUM
SKILL.md

SUSPICIOUS. The product-management purpose broadly matches the API actions, but the trust and data-flow model is not clean: token-backed Shopee operations are routed through LinkFox and an additional proxy instead of official Shopee endpoints, all responses are force-written locally, and the skill can trigger transitive installation of another skill from a remote ZIP. This is not confirmed malware, but it is a high-risk integration pattern with disproportionate intermediary access and supply-chain concerns.

Confidence: 86%Severity: 78%
Audit Metadata
Analyzed At
Jul 16, 2026, 08:09 AM
Package URL
pkg:socket/skills-sh/linkfox-ai%2Flinkfox-skills%2Flinkfox-shopee-store-product%2F@fc43463a1269094b6c47fe0263294eaf057cc7425037273e8866248ad730eacb